[Snort-users] icmp pass rules

Joel Esler eslerj at ...11827...
Wed Oct 22 13:32:34 EDT 2008


Your rules have no "sid" keyword in them. You must put an sid number in
there above 1 million.
J

On Wed, Oct 22, 2008 at 1:15 PM, Stephen Reese <rsreese at ...11827...> wrote:

> Snort is telling me that I have duplicate pass rules.  Do I have to
> define the whole rule in order to allow the two pass rules to work?
> The first one worked fine until I added the second one.
>
> Oct 22 09:10:28 atlas snort[4680]: FATAL ERROR:
> /etc/snort/snort-eth2.conf(58): Duplicate rule with same gid (1) and
> no sid.  To avoid this, make sure all of your rules define an sid.
>
>
> var HOME_NET [
> 172.31.1.0/24,172.31.2.0/24,172.31.3.0/24,172.31.4.0/24,172.31.5.0/24]
>
> # Set up the external network addresses as well.  A good start may be "any"
>
> var EXTERNAL_NET any
>
> #Ignore redirects from the main router to internet gateway
> var 3825ROUTER [172.31.1.1/32]
> pass icmp $3825ROUTER any -> $HOME_NET any
>
> #Chatty Minolta copiers
> var DI200 [172.31.1.223/32,172.31.1.240/32]
> pass icmp $DI200 any -> $3825ROUTER any
>
> Thanks in advance.
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's
> challenge
> Build the coolest Linux based applications with Moblin SDK & win great
> prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users<https://lists.sourceforge.net/lists/listinfo/snort-usersSnort-users>list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>



-- 
Joel Esler
  Cell: 706-231-1451
  iChat:  eslerjoel
[m]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20081022/3a265b55/attachment.html>


More information about the Snort-users mailing list