[Snort-users] Pulledpork Modify Rules Automatically

Jim Campbell jim at w4bqp.net
Wed Jun 14 21:42:23 EDT 2017

Since I last posted here I ended up formatting my hard drive, installing 
the latest Ubuntu and installing Snort in IPS mode. However, at the end 
of the tutorial on 
http://sublimerobots.com/2016/02/snort-ips-inline-mode-on-ubuntu/ it 
shows you how to modify the single local rule to drop rather than alert. 
There is mention of a future page that will tell how to have Pulledpork 
automatically modify all the rules to drop.

My setup is running in inline mode but so far hasn't reported any 
packets being flagged. I could sure use some help.



"We are not human beings having a spiritual experience;
we are spiritual beings having a human experience."
---Pierre Teilhard de Chardin

