Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: rmoria on August 01, 2006, 12:08:44 PM

Title: Custom rules for snort
Post by: rmoria on August 01, 2006, 12:08:44 PM

Hi,

Snort will block my remote IP adres after a while, which can be anoying when I went to access the server. I do not like to wait for a day.

Does anyone have experience in making pass-rules for snort. The snort manual is a bit expert for me.

Maybe it is handy to pass the IP adresses defined in the remote acces pannel and ports defined in port-forwarding. Or a whitelist managed from sever-manager.

Title: Custom rules for snort
Post by: MasterSleepy on August 01, 2006, 04:23:25 PM

Hello,

It's not snort that block the IP, but guardian.
Snort only rise an alert.
You can add your ip adress to /etc/guardian.ignore

Regards.

Title: Custom rules for snort
Post by: alt-network on August 03, 2006, 01:17:27 AM

Will it work if I put a domain name/hostname in the /etc/guardian.ignore

Thanks

Title: Custom rules for snort
Post by: MasterSleepy on August 03, 2006, 03:03:08 PM

Hello,

No only one ip adress.

Regards.