Re: rule processing.

[Chris Green <cmg () snort org>]

"Federico Lombardo" <egopfe () hotmail com> writes:

> Is possibile with snort to make rule processing like a firewall
> (such as ipfilter or iptable) ?
>
> I mean this:
>
> I put some rule in insertion number
>
> rule 1
> rule 2 
> rule 3
>
> If the rule 2 matches the packet for its kind of connection and
> hosts, rule 3 is not processed.


Thats how the alert system works.  There are also pass rules.  To get
pass rules to be evaluated before the alerts, use the -o command line
option.
-- 
Chris Green <cmg () snort org>
This is my signature. There are many like it but this one is mine.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users