[Snort-users] Restart snort inline without traffic loss?
wkitty42 at ...14940...
Thu Feb 7 14:09:54 EST 2013
On 2/7/2013 12:55, Andy wrote:
> Thanks for all the replies, I am still confused by the rules I am getting
> with pulledpork, every rule is an alert, none are a drop, so if I want snort
> to drop bad traffic what do I do? If I manually change an alert rule to a
> drop rule it will get overwritten on the next download, have I missed
you have obviously missed my earlier reply stating that yes, all distributed
rules are 'alert' rules and that you need to configure pulledpork to change them
to drop rules... if pulledpork is as much like oinkmaster as i think it may be,
then there should be a mechanism where you tell it to modifysid the rules you
want changed to 'drop' rules...
More information about the Snort-users