[Snort-users] query for snort signature writing using if condition

Joel Esler (jesler) jesler at cisco.com
Mon Feb 12 09:06:50 EST 2018


Thank you for writing in.

Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Thanks!

Sent from my iPhone

On Feb 12, 2018, at 08:26, B M via Snort-users <snort-users at lists.snort.org<mailto:snort-users at lists.snort.org>> wrote:

unsubscribe

On Sun, Feb 11, 2018 at 1:00 PM, <wkitty42 at windstream.net<mailto:wkitty42 at windstream.net>> wrote:
On 02/11/2018 12:21 PM, Décomaï Lambano via Snort-users wrote:
Hi all,

Looking for how to configure pfsense 2.3.4 and pfsense 2.4.2  in order to block youtube videos, streaming videos, facebook and other dangerous website with squid, snort and suricana. Is there any computer spécification to respect in order to install pfsense for a huge company network (500 to 1000 users).


1. please don't hijack someone else's thread.
2. use your DNS server for these types of blocks. that's what it is there for.

here's an example using DNSMASQ... no clue what pfsense uses for its DNS stuffings...

----->8 snip dnsmasq.conf snip 8<-----
# block these domains with NXDOMAIN
server=/example.com/<http://example.com/>
server=/facebook.com/<http://facebook.com/>
server=/fbcdn.net/<http://fbcdn.net/>
server=/fbcdn.com/<http://fbcdn.com/>
server=/facebook.net/<http://facebook.net/>
----->8 snip dnsmasq.conf snip 8<-----



--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*

_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org<mailto:Snort-users at lists.snort.org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

_______________________________________________
Snort-users mailing list
Snort-users at lists.snort.org<mailto:Snort-users at lists.snort.org>
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180212/8a0efaac/attachment.html>


More information about the Snort-users mailing list