[Snort-users] wihtelist one IP?
posturne at ...11827...
Thu Dec 3 07:16:39 EST 2009
I try to whitelist one of our customer IP in my local Snort setup.
After many "googling" I belive to found a way:
I created 2 rules in the /etc/snort/rules/local.rules:
pass tcp 217.x.x.x any -> any any ( sid:1000001 ;)
pass tcp any any -> 217.x.x.x any ( sid:1000002 ;)
The local.rules file is in snort.conf included, but I still get tcp
alerts for 217.x.x.x.
where is my mistake - any ideas?
More information about the Snort-users