Snort mailing list archives

Re: Restart snort inline without traffic loss?


From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 07 Feb 2013 14:09:54 -0500

On 2/7/2013 12:55, Andy wrote:
> Thanks for all the replies, I am still confused by the rules I am getting
> with pulledpork, every rule is an alert, none are a drop, so if I want snort
> to drop bad traffic what do I do? If I manually change an alert rule to a
> drop rule it will get overwritten on the next download, have I missed
> something?

you have obviously missed my earlier reply stating that yes, all distributed 
rules are 'alert' rules and that you need to configure pulledpork to change them 
to drop rules... if pulledpork is as much like oinkmaster as i think it may be, 
then there should be a mechanism where you tell it to modifysid the rules you 
want changed to 'drop' rules...
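
The mechanism the reply describes, keeping the alert-to-drop changes in a separate list that is re-applied after every download instead of editing the rule files by hand, sketched as an added example that is not part of the original message and is not PulledPork's own code. The rules, SIDs, function names and the `gid:sid` list shown are constructed for illustration.

```python
import re

# Constructed sample of a freshly downloaded rule file; every rule ships as 'alert'.
SAMPLE_RULES = """\
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"constructed rule A"; content:"abc"; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 25 (msg:"constructed rule B"; content:"xyz"; sid:1000002; rev:1;)
# alert tcp any any -> any any (msg:"constructed disabled rule"; sid:1000003; rev:1;)
"""

# Constructed override list kept outside the rule files (gid defaults to 1).
SAMPLE_DROP_LIST = "1:1000001, 1000003   # SIDs to block inline\n"

ACTIVE_ALERT = re.compile(r"^(\s*)alert(\s+.*)$")   # skips commented-out rules
SID = re.compile(r"\bsid\s*:\s*(\d+)\s*;")
GID = re.compile(r"\bgid\s*:\s*(\d+)\s*;")

def parse_drop_list(text):
    """Return a set of (gid, sid) pairs; entries are comma or newline separated."""
    ids = set()
    for line in text.splitlines():
        for item in line.split("#", 1)[0].split(","):
            item = item.strip()
            if item:
                gid, _, sid = item.rpartition(":")
                ids.add((int(gid) if gid else 1, int(sid)))
    return ids

def apply_drop_list(rules_text, drop_ids):
    """Rewrite the action of listed active rules from 'alert' to 'drop'."""
    out, changed = [], []
    for line in rules_text.splitlines():
        m, sid = ACTIVE_ALERT.match(line), SID.search(line)
        if m and sid:
            gid = GID.search(line)
            key = (int(gid.group(1)) if gid else 1, int(sid.group(1)))
            if key in drop_ids:
                line = f"{m.group(1)}drop{m.group(2)}"
                changed.append(key)
        out.append(line)
    return "\n".join(out), changed

if __name__ == "__main__":
    updated, changed = apply_drop_list(SAMPLE_RULES, parse_drop_list(SAMPLE_DROP_LIST))
    print(updated)
    print("changed:", changed)
```

Because the list lives outside the downloaded files, running the same step after each update reproduces the drop rules. In PulledPork the equivalent list goes in the file named by the `dropsid=` setting in pulledpork.conf.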


