Snort mailing list archives
Re: Stopping particular rules
From: "GeEk" <koolman () visi0n net>
Date: Mon, 25 Jun 2001 13:58:23 -0400 (EDT)
Like Joe said you need you're -o option to get the custom ICMP rule you created to work (because the -o option make pass rules take presidence) . Also not all of the rules pertaning to ICMP are in the some are in misc.rules and info.rules -- LinSys ----- When you die and your life flashes before your eyes does that include the part where your life flashes before your eyes? ----- On Mon, 25 Jun 2001, Joe McAlerney wrote:
Hello Bennett, I'm not sure why you are still seeing them when the includes are commented out. Perhaps there are some hidden in other .rules files like Kiira said. As far as your pass rule, you must use -o to change the rule ordering, or the "alert" icmp rules will take precedence. Happy Snorting, -Joe M.
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Stopping particular rules Bennett Samowich (Jun 25)
- Re: Stopping particular rules Joe McAlerney (Jun 25)
- Re: Stopping particular rules GeEk (Jun 25)
- <Possible follow-ups>
- RE: Stopping particular rules Kiira Triea (Jun 25)
- Re: Stopping particular rules Joe McAlerney (Jun 25)