[Snort-users] question about default behavior and reading order snort rules

Ricardo Barbosa ricardobarbosams at ...6873...
Sun Aug 22 23:41:23 EDT 2010


I am studying Snort and want to know its default behavior. I took out
all the rules and preprocessors and left only one rule for the test,
the following rule.

(outside)eth0 snort inline eth1(inside)

iptables -t filter -I FORWARD -i eth0 -j QUEUE
drop ip any any -> any any (msg:"teste";sid:1000009)

But it seems that Snort ignores the rule, and my ping coming from eth0 works.

According to the above rule, it should not work?

The variable was left as HOME_NET.


