[Snort-users] Newbie question: reject rule for IPv6

K b urbestfriend at ...11827...
Fri Dec 9 07:48:56 EST 2011


Hello,

A newbie here and I was trying to setup snort inline with NFQ for IPv6
services.  Just for testing I have added the following reject rule.

reject tcp any any -> any 80 (classtype:attempted-user;
msg:"Snort_test"; content:"snort-test"; sid:9000001; rev:1;)

Now If I send a traffic with the above content, I see that alerts are
getting generated but this requests is not being reset as expected.

I am running snort 2.9.1.2, my snort.conf is unchanged. What am I doing wrong?

Have a good day.

Thanks and regards,
Kumar




More information about the Snort-users mailing list