[Snort-users] Problem with the -o option
mkettler at ...4108...
Fri Nov 5 12:41:58 EST 2004
At 10:50 AM 11/5/2004, Kaplan, Andrew H. wrote:
>2. The pass rules all have the <> operand between every instance of the source
>and destination. Is there anything else I need to do within
Can you post an example of what your pass rules look like?
they should be of the format:
pass ip host1/32 any <> host2/32 any
pass ip net1/cidrmask1 any <> net2/cidrmask2 any
(of course, you can make the pass rule more restrictive, by specifying
source/dest ports and a protocol other than IP (ie: tcp))
pass host1 <> host2 isn't valid, as far as I know.
The last example sounds like what you're trying to describe, but I'm not
sure exactly what your pass rules look like based on your vague description.
More information about the Snort-users