[Snort-users] Fwd: Decoder rule: how to set traffic that must be inspected ?

oleg gv oagvozd at gmail.com
Wed May 16 06:21:57 EDT 2018


I need some given decoder rule inspects all traffic except traffic for some
specified src-dst IP pair.  Or specify IP pair for which this decoder rule
must work only.

No header exists for decoder rules. How it can be done ?

I do not want to consider solution with second view (it's too globall and
complicated)

If it is possible: answer me please for snort 2.9 and 3.x
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180516/2afe7305/attachment.html>


More information about the Snort-users mailing list