[Snort-users] icmp pass rules
frank at ...9761...
Fri Oct 24 13:01:20 EDT 2008
On Fri, 2008-10-24 at 10:33 -0400, Stephen Reese wrote:
> Last one I hope, I'm already using a few pass rules:
> #Ignore redirects from the main router to internet gateway
> var 3825ROUTER [172.31.1.1/32]
> pass icmp $3825ROUTER any -> $HOME_NET any
No, this ignores *all* ICMP traffic from the router to $HOME_NET, not
just redirects. You need to add the specific options (like icode) if you
want to limit it to redirects.
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
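
Added example (not part of the original post, and not Snort project code): a small Python audit that finds ICMP `pass` rules with no `itype` option, run over the rule quoted above plus constructed variants. It assumes ICMP type 5 (Redirect) is the intended traffic; the `sid` values and the sample rule set are made up for illustration.

```python
import re

ICMP_REDIRECT = 5  # ICMP type 5 = Redirect (codes 0-3 select the redirect kind)

# Constructed sample: the rule quoted in the thread plus hypothetical variants.
# The sid values are invented for this example.
SAMPLE_RULES = """\
var 3825ROUTER [172.31.1.1/32]
pass icmp $3825ROUTER any -> $HOME_NET any
pass icmp $3825ROUTER any -> $HOME_NET any (itype:5; sid:1000001; rev:1;)
pass icmp $3825ROUTER any -> $HOME_NET any (icode:1; sid:1000002; rev:1;)
alert icmp any any -> $HOME_NET any (msg:"ICMP redirect"; itype:5; sid:1000003; rev:1;)
"""

# action, protocol, header (addresses/ports/direction), optional "(options)"
RULE_RE = re.compile(
    r"^\s*(?P<action>\w+)\s+(?P<proto>\w+)\s+(?P<hdr>[^()]*?)\s*(?:\((?P<opts>.*)\))?\s*$")

def parse_options(opts):
    """Split 'key:value; key;' text into a dict (quoted ';' is not handled)."""
    out = {}
    for item in (opts or "").split(";"):
        key, _, value = item.strip().partition(":")
        if key:
            out[key.strip().lower()] = value.strip()
    return out

def audit_pass_rules(text):
    """Return (line_no, verdict) for every ICMP pass rule found in text."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(line)
        if not m or m["action"] != "pass" or m["proto"].lower() != "icmp":
            continue
        itype = parse_options(m["opts"]).get("itype")
        if itype is None:
            verdict = "BROAD: no itype, not limited to redirects"
        elif itype == str(ICMP_REDIRECT):
            verdict = "OK: limited to ICMP redirects"
        else:
            verdict = f"NARROWED: itype {itype}, not redirects"
        findings.append((no, verdict))
    return findings

if __name__ == "__main__":
    for no, verdict in audit_pass_rules(SAMPLE_RULES):
        print(f"line {no}: {verdict}")
```
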