[Snort-users] Switching snort from IDS to IPS mode

bobby architectofthefuture at gmail.com
Sat Feb 3 06:42:58 EST 2018


I am running Snort inline.  I am running Linux.
What would be the easiest way to replace all rules with drop from alert?
Would I have to run a script to modify each rule, or is there an easier
way?

On Fri, Feb 2, 2018 at 10:13 PM, <wkitty42 at windstream.net> wrote:

> On 02/02/2018 06:56 PM, bobby via Snort-users wrote:
>
>> I would like to switch Snort from IDS to IPS mode.  Is this done only by
>> modifying the rules, from alert, to drop status, or is there an easier,
>> better way of accomplishing this?
>>
>
> IIUC, modifying the rules to drop as well as running inline... you have to
> be inline for snort to be able to control the connections and drop the ones
> you don't want...
>
>
> --
>  NOTE: No off-list assistance is given without prior approval.
>        *Please keep mailing list traffic on the list unless*
>        *a signed and pre-paid contract is in effect with us.*
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.snort.org
> Go to this URL to change user options or unsubscribe:
> https://lists.snort.org/mailman/listinfo/snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
> Please follow these rules: https://snort.org/faq/what-is-
> the-mailing-list-etiquette
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180203/071c73c3/attachment.html>


More information about the Snort-users mailing list