[Snort-users] wihtelist one IP?

post urne posturne at ...11827...
Thu Dec 3 07:16:39 EST 2009


I try to whitelist one of our customer IP in my local Snort setup.

After many "googling" I belive to found a way:

I created 2 rules in the /etc/snort/rules/local.rules:

pass tcp 217.x.x.x any -> any any ( sid:1000001 ;)
pass tcp any any -> 217.x.x.x any ( sid:1000002 ;)

The local.rules file is in snort.conf included, but I still get tcp
alerts for 217.x.x.x.

where is my mistake - any ideas?


More information about the Snort-users mailing list