[Oisf-users] Suricata - test rule ignored/not dropping.

Victor Julien victor at inliniac.net
Tue Jul 27 09:04:55 UTC 2010


Anas.B wrote:
> Good morning,
> 
> This is my case :
> 
> Bridging is successful since I have a net connection on my host
> 
> ---Net-Router(172.20.81.1)-----<- Bridge (suricata in computer (with 2 cards) ->------ my host (172.20.81.101)
>                                   br0 eth1 eth0
>
> *But* when I tried this rule:
> 
> drop tcp 172.20.81.101 any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
> or :
> drop tcp any any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
> 
> 
> I just have an alert, but I can enter Facebook.........!!!

I suspect something is wrong with your bridge because with that last
rule it drops access to facebook just fine here.

Cheers,
Victor
-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



