[Snort-users] icmp pass rules

Stephen Reese rsreese at ...11827...
Wed Oct 22 14:02:09 EDT 2008


On Wed, Oct 22, 2008 at 1:32 PM, Joel Esler <eslerj at ...11827...> wrote:
> Your rules have no "sid" keyword in them. You must put an sid number in
> there above 1 million.
> J

Thank you Joel, got it with the following:

#Ignore redirects from the main router
var 3825ROUTER [172.31.1.1/32]
pass icmp $3825ROUTER any -> $HOME_NET any (msg:"ICMP Destination Unreachable Protocol Unreachable"; sid:1000000;)

#Chatty Minolta copiers
var DI200 [172.31.1.223/32,172.31.1.240/32]
pass icmp $DI200 any -> $3825ROUTER any (msg:"ICMP redirect net"; sid:1000001;)
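
An added example, not part of the original post: a small Python check that local rules carry a sid in the local range (accepting 1000000 itself, as the first rule above does) and, going slightly beyond the thread, that no sid is reused. The function names are hypothetical, and the three defective rules in the sample are constructed.

```python
import re

# Constructed sample: the post's variables and pass rules, plus three
# deliberately defective rules (hypothetical) for the checker to flag.
SAMPLE_RULES = r'''
var 3825ROUTER [172.31.1.1/32]
var DI200 [172.31.1.223/32,172.31.1.240/32]
pass icmp $3825ROUTER any -> $HOME_NET any (msg:"ICMP Destination Unreachable Protocol Unreachable"; sid:1000000;)
pass icmp $DI200 any -> $3825ROUTER any (msg:"ICMP redirect net"; sid:1000001;)
pass icmp any any -> $HOME_NET any (msg:"quoted sid:1000002; is not an option";)
pass icmp any any -> $HOME_NET any \
    (msg:"below the local range"; sid:4242;)
pass icmp any any -> any any (msg:"reused"; sid:1000001;)
'''

ACTIONS = {"alert", "log", "pass", "drop", "reject", "sdrop", "activate", "dynamic"}
QUOTED_RE = re.compile(r'"(?:\\.|[^"\\])*"')   # option values such as msg:"..."
SID_RE = re.compile(r'\bsid\s*:\s*(\d+)\s*;')
LOCAL_SID_MIN = 1_000_000  # threshold stated in the quoted reply

def logical_lines(text):
    """Yield (first_line_number, rule_text), joining backslash continuations."""
    buf, start = "", None
    for n, line in enumerate(text.splitlines(), 1):
        start = n if start is None else start
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1] + " "
            continue
        yield start, (buf + line).strip()
        buf, start = "", None

def lint_sids(text):
    """Return [(line_number, problem)] for every rule with a sid defect."""
    problems, first_seen = [], {}
    for n, rule in logical_lines(text):
        words = rule.split(None, 1)
        if not words or words[0] not in ACTIONS:
            continue  # blank line, comment, or var definition
        # Blank out quoted strings so a "sid:" inside msg text is not counted.
        match = SID_RE.search(QUOTED_RE.sub('""', rule))
        if match is None:
            problems.append((n, "missing sid"))
            continue
        sid = int(match.group(1))
        if sid < LOCAL_SID_MIN:
            problems.append((n, f"sid {sid} is below {LOCAL_SID_MIN}"))
        if sid in first_seen:
            problems.append((n, f"duplicate sid {sid} (first used on line {first_seen[sid]})"))
        first_seen.setdefault(sid, n)
    return problems
```

Calling `lint_sids()` on the text of a local rules file returns one entry per defect, with the line number where the rule starts.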
