[Snort-users] Fwd: Block packets using snort with pf_ring

Lavanya Kumar lavanyakumar84 at ...11827...
Tue Sep 29 01:17:24 EDT 2015

Thanks for your reply,
        i have changed my rule according to your suggestion,but it doesn't
work.here is my rule.
drop tcp any any -> any any ( content : "facebook" ; msg : "Facebook is
Blocked" ; sid : 200001 ; rev : 1; resp: reset_both;)

my query is i would like to block some of the urls viz facebook,youtube,etc
..,within the network.I configured my server at router level and 1 client
machines were connected to this server. Those machines should not allowed
to access specified urls. I would like to achieve this using pf_ring
without any packet loss.

09/28-14:23:45.058089  [Drop] [**] [1:200001:1] Facebook is Blocked [**]
[Priority: 1]

i am getting this alert on the server machine but the client could access
the website.

Previously, i could  achieve this using daq -nfq module.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150929/286d9c1d/attachment.html>

More information about the Snort-users mailing list