
Re: [Snort-sigs] snort whitelist

From: Dale L. Handy <dhandy(at)nitrodata.com>
Date: Thu Mar 25 2004 - 13:24:59 EST

If you wanted, for instance, to ignore packets from 10.2.3.4, you would create a rule:

    pass ip 10.2.3.4 any -> any any (msg:"Pass, friend";)

and then, since pass rules are evaluated *AFTER* alert and other types, you must change the rule order by either running snort with the -o option, or putting a line in the snort.conf file:

    config order: pass, alert

I hope this helps (and I hope I got it right...)

MEGA Hospedagem wrote:

>Is it possible to set snort to not even analyze packets from certain

-- 
"The trouble with doing something right the first time 
 is that nobody appreciates how difficult it was."

-- Dale L. Handy, P.E.
   dhandy@nitrodata.com
   
http://www.nitrodata.com




_______________________________________________
Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs
Received on Thu Mar 25 14:35:15 2004
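
An added example, not part of the original post: a small audit that reads a Snort configuration and reports whether pass rules are evaluated before alert rules, using the two mechanisms the reply names (the `-o` option or a `config order:` line), and flags pass rules that are not limited to a host. The function names and the sample configuration are constructed for illustration.

```python
import re

# Rule header: action proto src sport direction dst dport (options)
RULE_RE = re.compile(
    r"^\s*(pass|alert|log)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>)\s+(\S+)\s+(\S+)")
ORDER_RE = re.compile(r"^\s*config\s+order:\s*(.+)$")

def pass_before_alert(conf_text, cmdline_args=()):
    """True if pass rules run before alert rules, via -o or 'config order:'."""
    if "-o" in cmdline_args:
        return True
    for line in conf_text.splitlines():
        m = ORDER_RE.match(line.split("#", 1)[0])  # ignore trailing comments
        if m:
            order = [t for t in re.split(r"[,\s]+", m.group(1).strip()) if t]
            return ("pass" in order and "alert" in order
                    and order.index("pass") < order.index("alert"))
    return False

def audit_pass_rules(conf_text, cmdline_args=()):
    """Return (order_ok, findings); findings are (line_number, message)."""
    order_ok = pass_before_alert(conf_text, cmdline_args)
    findings = []
    for n, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        m = RULE_RE.match(line)
        if not m or m.group(1) != "pass":
            continue
        src, dst = m.group(3), m.group(6)
        if not order_ok:
            findings.append((n, "pass rule is evaluated after alert rules"))
        elif src == "any" and dst == "any":
            findings.append((n, "pass rule is not limited to any host"))
    return order_ok, findings

# Constructed sample configuration (not from the original post).
SAMPLE_CONF = """\
# constructed sample
config order: pass, alert
pass ip 10.2.3.4 any -> any any (msg:"Pass, friend";)
pass ip any any -> any any (msg:"too broad";)
alert tcp any any -> any 80 (msg:"constructed alert";)
"""

if __name__ == "__main__":
    ok, issues = audit_pass_rules(SAMPLE_CONF)
    print("pass evaluated before alert:", ok)
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
```
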

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:39 EDT

