Snort mailing list archives
Re: Question about negated and non-negated variables in rules
From: Jens-Harald Johansen <corinth () online no>
Date: Sat, 29 Nov 2003 12:24:27 +0100
Matt Kettler wrote:
At 02:49 PM 11/28/2003, Jens-Harald Johansen wrote:Thanks Matt, but what I was looking for was the boolean equivalent of: (a) and ((not b) or (not c))Meaning, I want a, but not b or c. This rule will then be negated in the rules I'm mod'ing.*cough* compare those two statements... (a) and ((not b) or (not c)) (note: the above is the same as "a" if b and c don't overlap) is not the same as: A and not (b or c).However, I don't think that construct is possible in snort syntax... you'd have to use pass rules to get it.The top-level operation in a IP list in snort is an OR operator, not an AND operator, so you cannot "subtract off" IPs already added to the list.
Sorry, my bad. Been awhile since I had any boolean mathematic in school and ... err ... guess I stumbled a bit there *cough*.
You're absolutly correct. I need to whitelist a couple of IP addresses which are allowed to run certain forms of ICMP traffic on our net.
But if I understand you correctly, I need to create pass rules for the hosts which are allowed to run the ICMP traffic ? Think I'll need to RTFM concerning pass rules. Haven't used them before.
Thanks jens:H ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Question about negated and non-negated variables in rules J-H. Johansen (Nov 27)
- Re: Question about negated and non-negated variables in rules J-H. Johansen (Nov 27)
- Re: [OT] Question about negated and non-negated variables in rules Matt Kettler (Nov 28)
- Re: Question about negated and non-negated variables in rules Matt Kettler (Nov 28)
- Re: Question about negated and non-negated variables in rules Jens-Harald Johansen (Nov 28)
- Re: Question about negated and non-negated variables in rules Matt Kettler (Nov 28)
- Re: Question about negated and non-negated variables in rules Jens-Harald Johansen (Nov 29)
- Re: Question about negated and non-negated variables in rules Matt Kettler (Dec 01)
- Re: Question about negated and non-negated variables in rules J-H. Johansen (Dec 01)
- Re: Question about negated and non-negated variables in rules Matt Kettler (Dec 01)
- Re: Question about negated and non-negated variables in rules Jens-Harald Johansen (Nov 28)
- Re: Question about negated and non-negated variables in rules J-H. Johansen (Nov 27)