[Snort-users] blacklist vs black_list :: pulledpork overwrites the files with a list of IP addresses
wkitty42 at ...14940...
Wed May 28 22:37:23 EDT 2014
On 5/28/2014 4:47 PM, Steve Crow wrote:
> Pulledpork is overwriting my blacklist.rules or black_list.rules files that
> normally have rules in them with a list of IP addresses. Whichever is listed in
> snort.conf gets overwritten.
> Why are there two similarly named rules files?
> What are their proper uses?
> How does it need to be specified in snort.conf so that pulledpork doesn't
> overwrite the rules with IP addresses?
the one named in the reputation blacklist/whitelist section is the one that
should have IP addresses in it... the other one is the one with rules in it...

FWIW: this came up about a year+ ago... at that time, i suggested to VRT that
they rename the reputation blacklist/whitelist files to RP_whitelist and
RP_blacklist specifically to denote them being related to the reputation
processor... i recommend you do the same now and leave the other one named as it
is... i don't recall which is which but your snort.conf will tell you ;)
NOTE: No off-list assistance is given without prior approval.
Please *keep mailing list traffic on the list* unless
private contact is specifically requested and granted.
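
One way to have snort.conf "tell you" which file is which, as an added example that is not part of the original post: this Python sketch lists the files the reputation preprocessor loads as IP lists, the files pulled in with include, and any path used in both roles. The sample config, its paths and the helper name classify_files are constructed for illustration.

```python
import re

# Constructed snort.conf excerpt (assumed stock-style layout, not from the post).
SAMPLE_CONF = r"""
var RULE_PATH /etc/snort/rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
preprocessor reputation: \
   memcap 500, \
   priority whitelist, \
   whitelist $WHITE_LIST_PATH/white_list.rules, \
   blacklist $BLACK_LIST_PATH/black_list.rules
include $RULE_PATH/blacklist.rules
include $RULE_PATH/local.rules
"""

def classify_files(conf_text):
    """Hypothetical helper: split snort.conf file references by role."""
    variables, ip_lists, rule_files = {}, [], []

    def expand(path):
        # Substitute $NAME with a previously defined var, if known.
        return re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), path)

    # Join backslash-continued lines so each directive is one logical line.
    joined = re.sub(r"\\[ \t]*\r?\n", " ", conf_text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if m := re.match(r"var\s+(\S+)\s+(\S+)", line):
            variables[m.group(1)] = expand(m.group(2))
        elif re.match(r"preprocessor\s+reputation\s*:", line):
            # Options are comma separated; blacklist/whitelist take a file path.
            for opt in line.split(":", 1)[1].split(","):
                parts = opt.split()
                if len(parts) == 2 and parts[0] in ("blacklist", "whitelist"):
                    ip_lists.append((parts[0], expand(parts[1])))
        elif m := re.match(r"include\s+(\S+)", line):
            rule_files.append(expand(m.group(1)))
    # A path in both roles is the mix-up described in this thread.
    clash = sorted({p for _, p in ip_lists} & set(rule_files))
    return {"ip_lists": ip_lists, "rule_files": rule_files, "clash": clash}

if __name__ == "__main__":
    for role, items in classify_files(SAMPLE_CONF).items():
        print(role, items)
```

A non-empty clash list means the same file is named both in the reputation section and in an include line, so whatever writes IP addresses to it will also replace the rules.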