Thanks Frank, I don't see this feature.
Many thanks to all.
Frank Knobbe wrote:
On Fri, 2006-05-12 at 11:00 +0200, carlopmart wrote:
Yes, correct but I need to modify snort rules by hand if i would to
block some connections with snortsam (and if I launch process to update
snort rules, they are overwritted and I lose my changes). I need to
block connections immediately using snort rules and custom rules.
You can create a sid-block.map file instead of modifying rules. See
README.rules:
---8<---
Instead of modifying the Snort rules, you can also create a file named
sid-block.map which has to be in the same directory as Snort's
sid-msg.map
file (typically etc). In this file you can list the fwsam option using
following syntax:
<sid>:<option>
For example:
1023: src, 15 min
Alternatively, you may use a | (pipe) instead of a : (colon).
This has the same effect as adding "fwsam: src, 15min;" to the Snort
rule
with SID 1023.
You can specify options in both places (rules and sid-block.map
file), but
the sid file takes priority. The file has to be in the same directory
as the
other Snort config files (ie. sid-msg.map).
--->8---
Regards,
Frank
--
CL Martinez
carlopmart {at} gmail {d0t} com
-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
