Flexresp problems

["Ward, Rob" <Rob.Ward () liverpool ac uk>]

I've installed with Flexresp and when I try to add react:block; to a rule I get the message below, any ideas please 
anyone?

FATAL ERROR: Warning: /etc/snort/rules/local.rules(1) => Unknown keyword ' react' in rule!

The rule syntax looks OK to me and I've used this before without a problem. I'm running snort 2.8.0.1 on Cent OS 5.

The rule looks like this:

alert tcp $HOME_NET any -> $EXTERNAL_NET 8888 (msg:"P2P napster login"; flow:to_server,established; content:"|00 02 
00|"; depth:3; offset:1; classtype:policy-violation; sid:549; rev:8; react:block;)


Also with Flexresp in which file do you put your variables i.e:

# just stop the offender
    var RESP_TCP resp:rst_snd;

I get the same error when I put this in snort.conf and replace react:block; with $RESP_TCP in my rules. I also get the 
same error with resp:rst_snd; in the rules.

Any help would be appreciated, thanks!

Rob Ward
Network Northwest Support
University of Liverpool
Computing Services Department

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users