Snort mailing list archives

Help needed to modify drop rules to reject rules with pulledpork modifysid.conf


From: Alex Lam <alexcklam () gmail com>
Date: Tue, 9 Sep 2014 23:11:27 -0700

Hi,

I run Snort in inline mode and I have set up drop rules using dropsid.conf.
Now, how can I turn these dropsid.conf rules from "drop" to "reject"?
I tried this line in modifysid.conf:

* "^\s*drop" “reject"

but it did not work, even though my pulledpork.conf already has this line:

state_order = enable,drop,modify,disable

Here are extracts from my pulledpork run log:

Modifying Sids....
        Modifying ALL SIDS from:^\s*drop to:reject
        Done!
Processing /root/pulledpork-0.7.0/etc/enablesid.conf....
        Enabled 1:2005283
        Enabled 1:2010514

<snip>

        Will drop 124:8
        Will drop 131:3
        Modified 12783 rules
        Done
Processing /root/pulledpork-0.7.0/etc/modifysid.conf....
        Modified 0 rules
        Done
Processing /root/pulledpork-0.7.0/etc/disablesid.conf....

<snip>

Any ideas how I can turn dropsid.conf-enabled rules from “drop” to “reject”??

Thanks
alex

