[Snort-users] whitelist rule to 1 ip?

Ray Caparros arcy24 at ...11827...
Wed Mar 3 08:07:55 EST 2010


You can use a BPF filter (aka "tcpdump filter") when starting Snort

-Ray


On Wed, Mar 3, 2010 at 5:11 AM, Morgan Cox <morgancoxuk at ...11827...> wrote:
> Hi.
>
> I did ask this a while ago but never got a response.
>
> What is the correct way of white-listing a rule for a specific IP .
>
> I know that your can suppress warnings of a rule to an IP using the
> threshold file, but is thee any way to completely whitelist a rule - to 1 IP
> only?
>
> Any help on this will be appreciated.
>
> Regards
>
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>




More information about the Snort-users mailing list