Snort mailing list archives

Re: [Hogwash-devel] what is the difference between these rules!??!?!


From: allen <aef () prismnet com>
Date: 02 Aug 2002 19:20:08 -0500


I think you may find your answer if you look at the
"direction" of your first rule here...

It says, "if you see 'tavla' coming FROM the EXTERNAL interface,
then drop the packet".

That is in the wrong "direction" if you are trying to stop
a request FROM the INTERNAL interface.

?

-AEF


On Sat, 2002-08-03 at 12:42, funky wrote:

Hi,

I'm trying to block some sites using the hogwash patch
for Snort.

I tried the rule below like the porn.rules:

drop tcp $EXTERNAL_NET 80 -> $HOME_NET any \
(msg:"Game site is not allowed!!"; content:"tavla"; nocase; flags:A+;)

Trying to enter a web-site from a client, for example
www.tavla.com, I can enter that, why!?!??!?!
I have to modify the rule like below in order to block
the site:

drop tcp any any <> any any \
(msg:"Game site is not allowed!!"; content:"tavla";)

Now I'm not allowed to enter the sites.
So do I have to modify the rules like that which I
wanna apply the "drop" option!??!??!

Anyone can help me in that case please?!?!?

thanx

funky
Istanbul





-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Hogwash-devel mailing list
Hogwash-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/hogwash-devel





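Added example, not part of the original thread and not Snort or Hogwash code: a small Python model of how the rule header's direction operator decides which packets a rule is even evaluated against, run over the two rule headers quoted above. The $HOME_NET value, the packets and all function names are constructed for illustration, $EXTERNAL_NET is assumed to mean "not $HOME_NET", and the flags option is not modelled.

```python
import ipaddress
import re

# Assumed value for this example; the thread does not say what $HOME_NET is.
HOME_NET = ipaddress.ip_network("192.168.1.0/24")

# action proto src_ip src_port direction dst_ip dst_port
HEADER = re.compile(r"(\w+)\s+(\w+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)")

def addr_ok(spec, ip):
    """Match an IP against any, $HOME_NET or $EXTERNAL_NET (taken as !$HOME_NET)."""
    inside = ipaddress.ip_address(ip) in HOME_NET
    return {"any": True, "$HOME_NET": inside, "$EXTERNAL_NET": not inside}[spec]

def side_ok(addr_spec, port_spec, ip, port):
    """Match one side of the header (address and port) against one packet endpoint."""
    return addr_ok(addr_spec, ip) and (port_spec == "any" or int(port_spec) == port)

def rule_matches(header, content, pkt, nocase=True):
    """Return True if both the rule header and the content option match the packet."""
    _act, _proto, a_ip, a_port, op, b_ip, b_port = HEADER.match(header).groups()
    forward = (side_ok(a_ip, a_port, pkt["src"], pkt["sport"]) and
               side_ok(b_ip, b_port, pkt["dst"], pkt["dport"]))
    reverse = (side_ok(a_ip, a_port, pkt["dst"], pkt["dport"]) and
               side_ok(b_ip, b_port, pkt["src"], pkt["sport"]))
    # "->" only accepts left-to-right traffic; "<>" accepts either direction.
    header_hit = forward or (op == "<>" and reverse)
    payload = pkt["payload"].lower() if nocase else pkt["payload"]
    needle = content.lower() if nocase else content
    return header_hit and needle in payload

# Constructed packets: the client's request and a reply that never names the site.
REQUEST = {"src": "192.168.1.10", "sport": 34567, "dst": "203.0.113.5", "dport": 80,
           "payload": "GET / HTTP/1.1\r\nHost: www.tavla.com\r\n\r\n"}
REPLY = {"src": "203.0.113.5", "sport": 80, "dst": "192.168.1.10", "dport": 34567,
         "payload": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"}

RULE_1 = "drop tcp $EXTERNAL_NET 80 -> $HOME_NET any"   # first rule in the thread
RULE_2 = "drop tcp any any <> any any"                  # second rule in the thread

if __name__ == "__main__":
    for name, hdr, nocase in (("rule 1", RULE_1, True), ("rule 2", RULE_2, False)):
        print(name, "request:", rule_matches(hdr, "tavla", REQUEST, nocase),
              "reply:", rule_matches(hdr, "tavla", REPLY, nocase))
```

In this model the first rule never sees the outbound request that carries the Host header, so it can only fire if a server-to-client packet happens to contain the string.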