Snort mailing list archives

question about default behavior and reading order snort rules

From: Ricardo Barbosa <ricardobarbosams () yahoo com br>
Date: Sun, 22 Aug 2010 23:41:23 -0400

Hi,

I am studying snort and want to know what behavior pattern snort took 
all the rules and preprocessors and left only one rule for the same test 
the following rule.

(outside)eth0 snort inline eth1(inside)

iptables -t filter -I FORWARD -i eth0 -j QUEUE
drop ip any any -> any any (msg:"teste";sid:1000009)

But it seems that the snort rule and ignores my ping coming from eth0 works

according to the above rule should not work?

The variable left as HOME_NET 200.200.200.0/24

Regards.

__________________________________________________
Fale com seus amigos  de graça com o novo Yahoo! Messenger 
http://br.messenger.yahoo.com/ 

------------------------------------------------------------------------------
This SF.net email is sponsored by 

Make an app they can't live without
Enter the BlackBerry Developer Challenge
http://p.sf.net/sfu/RIM-dev2dev 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

question about default behavior and reading order snort rules Ricardo Barbosa (Aug 22)