Snort mailing list archives
Re: rules in snort inline
From: Nigel Houghton <nhoughton () sourcefire com>
Date: Tue, 15 Jun 2010 15:52:43 -0400
On Tue, Jun 15, 2010 at 3:33 PM, black_angel black_angel <black.sad.angel () gmail com> wrote:
hey everybody, i try to change all the rules for my snort inline from mode "alert" to "drop" i used this script but it doesn't work correctly: cd /etc/snort_inline/rules/ for file in $(ls -1 *.rules) do sed -e 's:^alert:drop:g' ${file} > ${file}.new mv ${file}.new ${file} -f done if someone have another script or any idea ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Don't do that, any of you. There are flowbit rules (the ones that set a flowbit) that should never be set to drop. Use Pulled Pork or Oinkmaster to manage your rules and make changes. That is all. -- Nigel Houghton Head Mentalist SF VRT http://vrt-sourcefire.blogspot.com && http://labs.snort.org/ ------------------------------------------------------------------------------ ThinkGeek and WIRED's GeekDad team up for the Ultimate GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the lucky parental unit. See the prize list and enter to win: http://p.sf.net/sfu/thinkgeek-promo _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- rules in snort inline black_angel black_angel (Jun 15)
- Re: rules in snort inline JJC (Jun 15)
- Re: rules in snort inline Nigel Houghton (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Paul Schmehl (Jun 15)
- Re: rules in snort inline Joel Esler (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Burks, Doug (Jun 15)
- Re: rules in snort inline Crook, Parker (Jun 15)
- Re: rules in snort inline Tomas Heredia (Jun 15)