Koozali.org formerly Contribs.org

Custom rules for snort

Custom rules for snort
« on: August 01, 2006, 12:08:44 PM »
Hi,

Snort will block my remote IP address after a while, which can be annoying when I want to access the server. I do not like to wait for a day.

Does anyone have experience in making pass-rules for snort? The snort manual is a bit expert for me.

Maybe it is handy to pass the IP addresses defined in the remote access panel and ports defined in port-forwarding. Or a whitelist managed from server-manager.
...
Yes, I can ask more questions than you can answer 8-)
...

Custom rules for snort
« Reply #1 on: August 01, 2006, 04:23:25 PM »
Hello,

It's not snort that blocks the IP, but guardian.
Snort only raises an alert.
You can add your IP address to /etc/guardian.ignore

Regards.

Custom rules for snort
« Reply #2 on: August 03, 2006, 01:17:27 AM »
Will it work if I put a domain name/hostname in the /etc/guardian.ignore?

Thanks

Custom rules for snort
« Reply #3 on: August 03, 2006, 03:03:08 PM »
Hello,

No, only one IP address.

Regards.
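
Since the replies say /etc/guardian.ignore takes IP addresses and not hostnames, here is an added example (not code from any poster or from the Guardian project) that resolves a hostname first and then adds the address without creating duplicates. The one-IPv4-address-per-line file format, the helper names `is_ipv4`, `resolve_ipv4` and `add_ignore`, and the use of `getent` are assumptions.

```shell
#!/bin/sh
# Added example: maintain an ignore file, assumed to hold one IPv4 address per line.

# Return 0 only for a strict dotted quad: four octets, 0..255, no leading zeros.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac   # "010" is ambiguous (octal)
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the first IPv4 address for hostname $1 (getent is glibc-specific).
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR==1 { print $1 }'
}

# Append address $1 to file $2 unless that exact line already exists.
# Prints "added", "present" or "invalid"; returns non-zero only for "invalid".
add_ignore() {
    ip=$1; file=$2
    if ! is_ipv4 "$ip"; then echo invalid; return 1; fi
    # -x matches whole lines, so 192.0.2.1 does not match 192.0.2.10
    if [ -f "$file" ] && grep -qxF -- "$ip" "$file"; then
        echo present; return 0
    fi
    printf '%s\n' "$ip" >> "$file"
    echo added
}

# Usage: script HOST_OR_IP [IGNORE_FILE]; does nothing without arguments.
if [ "$#" -ge 1 ]; then
    target=$1
    file=${2:-/etc/guardian.ignore}
    is_ipv4 "$target" || target=$(resolve_ipv4 "$target")
    add_ignore "$target" "$file"
fi
```

An entry resolved from a hostname goes stale when the remote address changes, and whoever holds the old address afterwards stays exempt from blocking, so review the file when the remote IP changes.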