Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Network Variables

From: "Seth Dunn" <seth () d2ms com>
Date: Tue, 30 Apr 2013 22:17:52 -0400
My bpf file is ignore.bpf and has one line in it::
not net 10.10.0.0/24 || 10.30.0.0/24

I have also tried variations of that rule using ! instead of  not...
Using && instead of ||
I have also used the rule across two lines like 
not net 10.10.0.0/24 &&
not net 10.30.0.0/24
But that also did not work.

I have the bpf file defined in my snort.conf file :: config bpf_file:
D:\Snort\etc\ignore.bpf
I also call it with the switch -F d:\snort\etc\ignore.bpf

Still nothing.  Traffic is not ignored/filtered out....snort still
alerts on it.

-----Original Message-----
From: waldo kitty [mailto:wkitty42 () windstream net] 
Sent: Tuesday, April 30, 2013 9:47 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Network Variables

On 4/30/2013 19:28, Seth Dunn wrote:

Right, and I set up the text file, and snort started and read the

file.

But it didn't filter out the traffic.
And I have followed the examples I have seen creating the file, but it



is not working as expected.


please post the contents of the file and the command line you used to
start snort...

--
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

------------------------------------------------------------------------
------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: