Koozali.org: home of the SME Server

Custom rules for snort

Offline rmoria

  • ***
  • 78
  • +0/-0
    • http://www.osvorca.nl
Custom rules for snort
« on: August 01, 2006, 12:08:44 PM »
Hi,

Snort will block my remote IP adres after a while, which can be anoying when I went to access the server. I do not like to wait for a day.

Does anyone have experience in making pass-rules for snort. The snort manual is a bit expert for me.

Maybe it is handy to pass the IP adresses defined in the remote acces pannel and ports defined in port-forwarding. Or a whitelist managed from sever-manager.
...
Yes, I can ask more questions then you can answer  8-)
...

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
Custom rules for snort
« Reply #1 on: August 01, 2006, 04:23:25 PM »
Hello,

It's not snort that block the IP, but guardian.
Snort only rise an alert.
You can add your ip adress to /etc/guardian.ignore

Regards.

Offline alt-network

  • **
  • 47
  • +0/-0
    • http://www.alt-networking.com
Custom rules for snort
« Reply #2 on: August 03, 2006, 01:17:27 AM »
Will it work if I put a domain name/hostname in the /etc/guardian.ignore

Thanks

Offline MasterSleepy

  • *
  • 386
  • +0/-0
    • http://www.vanhees.cc
Custom rules for snort
« Reply #3 on: August 03, 2006, 03:03:08 PM »
Hello,

No only one ip adress.

Regards.