Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Order of rules

From: Dave Corsello <snort-users () wintertreemedia com>
Date: Tue, 29 Apr 2014 17:35:13 -0400
Let me narrow that down.  Assume that no command line options or 
snort.conf options are used to change the order in which rule actions 
are taken, and that rule processing ends after the first hit.  
Basically, I want to know if changing the physical order of two drop 
rules with the same priority in my local.rules file makes a difference, 
or if there's some other default sort order that takes precedence.


On 4/29/2014 9:07 AM, Dave Corsello wrote:

Here's a very basic question:  In what order are snort rules processed:
the order in which they are listed in a rules file, or in gid/sid order?

------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
"Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE
Instantly run your Selenium tests across 300+ browser/OS combos.  Get 
unparalleled scalability from the best Selenium testing platform available.
Simple to use. Nothing to install. Get started now for free."
http://p.sf.net/sfu/SauceLabs
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: