[Snort-users] Network Variables

Seth Dunn seth at ...16266...
Tue Apr 30 22:17:52 EDT 2013


My bpf file is ignore.bpf and has one line in it:
not net 10.10.0.0/24 || 10.30.0.0/24

I have also tried variations of that rule using ! instead of  not...
Using && instead of ||
I have also used the rule across two lines like 
not net 10.10.0.0/24 &&
not net 10.30.0.0/24
But that also did not work.

I have the bpf file defined in my snort.conf file:
config bpf_file: D:\Snort\etc\ignore.bpf
I also call it with the switch -F d:\snort\etc\ignore.bpf

Still nothing.  Traffic is not ignored/filtered out....snort still
alerts on it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 at ...14940...] 
Sent: Tuesday, April 30, 2013 9:47 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Network Variables

On 4/30/2013 19:28, Seth Dunn wrote:
> Right, and I set up the text file, and snort started and read the file.
> But it didn't filter out the traffic.
> And I have followed the examples I have seen creating the file, but it
> is not working as expected.

please post the contents of the file and the command line you used to
start snort...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.
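
How the libpcap filter grammar groups the expressions quoted in this message, as an added example that is not part of the original post or of Snort: `not` binds tighter than `||`/`&&`, and a bare address reuses the preceding `net` qualifier. The evaluator handles only `net`, negation, and/or and parentheses, and the sample packets are constructed.

```python
import ipaddress
import re

# Tokens: parentheses, &&, ||, !, or a word such as "not", "net", "10.10.0.0/24".
TOKEN = re.compile(r"\(|\)|&&|\|\||!|[^\s()!&|]+")

def matches(expr, src, dst):
    """True if a packet src->dst passes the filter (i.e. Snort would see it)."""
    toks = TOKEN.findall(expr) + [None]
    addrs = [ipaddress.ip_address(a) for a in (src, dst)]
    pos = 0

    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]

    def in_net(cidr):
        # "net X" with no src/dst keyword matches either endpoint.
        net = ipaddress.ip_network(cidr)
        return any(a in net for a in addrs)

    def term():
        tok = take()
        if tok in ("not", "!"):
            return not term()          # negation applies to the next term only
        if tok == "(":
            val = expression()
            take()                     # consume the closing ")"
            return val
        if tok == "net":
            tok = take()
        return in_net(tok)             # bare address inherits the "net" qualifier

    def expression():
        val = term()
        while toks[pos] in ("and", "&&", "or", "||"):   # equal precedence, left to right
            op, rhs = take(), term()
            val = (val and rhs) if op in ("and", "&&") else (val or rhs)
        return val

    return expression()

# Constructed sample packets: one from each listed network, one from neither.
SAMPLES = [("10.10.0.5", "192.168.1.1"), ("10.30.0.7", "192.168.1.1"),
           ("172.16.0.1", "192.168.1.1")]

def verdicts(expr):
    return [matches(expr, s, d) for s, d in SAMPLES]
```

`verdicts()` returns, for each sample packet, whether the filter would hand it to Snort; the one-line form groups as `(not net 10.10.0.0/24) or (net 10.30.0.0/24)`, while the two-line `&&` form is equivalent to `not (net 10.10.0.0/24 or net 10.30.0.0/24)`.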
