Snort mailing list archives

Prioritization of the local rules against the default one.


From: dom via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 21 Mar 2024 09:05:51 +0000

Override basic rules.
I have Snort version 3+ running on my system. It works fine and classy; however, I have a small configuration problem. One of the local music streaming devices is attached to the local network. When it is on, it jeopardizes the whole local system by regularly sending tons of discovery requests of the following form:
/...
192.168.1.170:3483 -> 255.255.255.255:3483
.../
As you can expect, it triggers Snort's response on the UDP filter and blocks the device for about a minute; then it comes back until it starts again (let's call it a "UDP flood"), and the scenario repeats itself.
I have created the following rule to ignore it.
*...
pass udp 192.168.1.170 3483 <> 192.168.1.0/24 3483 (priority:1; sid:1000077; rev:1;)
...*
Snort likes it (the rule); however, it is still blocked. Snort log below:
/...
[**] [116:414:1] "(ipv4) IPv4 packet to broadcast dest address" [**]
[Priority: 3]
03/20-21:22:07.757460 192.168.1.170:3483 -> 255.255.255.255:3483
UDP TTL:64 TOS:0x0 ID:14225 IpLen:20 DgmLen:46
Len: 18
.../
I am sure there is a way to prioritize the local traffic against the basic Snort rules. I am diving through the Snort 2.9 documentation, but it is a large one, and it takes some time. Is there anyone who could point out the right direction on how to solve this problem?
Regards
dom
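Added example for the question above (editor's illustration, not from the poster, the list, or the Snort project). The alert in the log carries gid 116, which Snort uses for decoder alerts; it is raised by the IPv4 decoder, not by a text rule, so a `pass` rule in local.rules does not apply to it. The posted rule also names 192.168.1.0/24 as the far end, while the logged destination is 255.255.255.255, which is outside that range, so it would not match even for a text rule. In Snort 3 the tool for silencing a specific gid:sid for one host is the `suppress` table in the Lua configuration. The device address and the gid:sid come from the post; the rest (a Snort 3 Lua config with builtin rules enabled and the rule kept inline) is assumed.

```lua
-- Added example (not the poster's or the Snort project's own config).
-- Snort 3 Lua snippet: keep decoder alert 116:414 ("IPv4 packet to broadcast
-- dest address") for the rest of the LAN, but silence it for one host.

ips =
{
    -- Builtin decoder/inspector alerts (gid 116 among them) are enabled here;
    -- this is what raises 116:414 in the first place.
    enable_builtin_rules = true,

    -- The pass rule from the post, kept inline for comparison. Assumed local
    -- sid. It only ever affects text rules (gid 1) and, with 192.168.1.0/24 as
    -- the far end, does not match a 255.255.255.255 destination at all.
    rules = [[
        pass udp 192.168.1.170 3483 <> 192.168.1.0/24 3483 ( priority:1; sid:1000077; rev:1; )
    ]],
}

-- Suppress decoder alert 116:414 only when the source is the streaming
-- device. Broadcasts from any other host on the segment still alert.
suppress =
{
    { gid = 116, sid = 414, track = 'by_src', ip = '192.168.1.170' },
}
```

Dropping the `track` and `ip` keys from the `suppress` entry silences 116:414 for every host, which is the coarser option if the segment is expected to carry broadcast traffic anyway. Suppression only affects alerting; if the blocking the post describes comes from an external mechanism reacting to the alert, that mechanism stops firing once the alert no longer appears.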

Attachment: OpenPGP_0x0EEEBE85AABC7033.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

Please visit http://blog.snort.org for the latest news about Snort!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

Visit Snort.org to subscribe to the official Snort ruleset, and make sure to stay up to date to catch the most emerging threats: https://snort.org/downloads/#rule-downloads
