Pages

Monday, May 9, 2011

Snort notes

Reloading Snort rules without stopping the server:
     killall -HUP snort

Whitelisting an IP:
add the following to the /etc/snort/rules/local.rules
     pass udp 134.129.111.111 any -> any any ( sid:1000001 ;)
     pass udp any any -> 134.129.111.111 any ( sid:1000002 ;)
Posted by Teeps (Terry Palmer) at 10:17 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)