Thu Nov 23 16:36:19 EST 2017

>> 	Is it possible to drop a packet when a rule is matched ?
>> 	(like HogWash)

Since you mention Hogwash, I'm assuming that you want to discard the packet.
Send it to the bit bucket, /dev/null, whatever.  AFAIK, you can't discard the
packet with a snort rule.  You can pass, alert, log, and flexresp from rules.
The closest thing that I can think of would be to use flexresp to send a RST
or FIN in reply to the offending packet.

If this isn't what you're looking for, correct me!


Erek Adams

