[Oisf-users] Suricata - test rule ignored/not dropping.

Anas.B a.bouhsaina at gmail.com
Tue Jul 27 13:48:13 UTC 2010


Please, can you help me?
I'm too pressed.


Regards
A..

2010/7/27 Anas.B <a.bouhsaina at gmail.com>

> Yes,
>
> I'm connected from my host, which gets its connection from the bridge!
>
> Is there any other configuration that I should add?
>
> A..
>
> 2010/7/27 Victor Julien <victor at inliniac.net>
>
>> Anas.B wrote:
>>
>> > Good morning,
>> >
>> > This is my case:
>> >
>> > Bridging is successful since I have net connection in my host
>> >
>> > ---Net-Router(172.20.81.1)-----<- Bridge (suricata in computer (with 2
>> > cards) ->------ my host (172.20.81.101)
>> >
>> > br0 eth1 eth0
>> > *But* when I tried this rule:
>> >
>> > drop tcp 172.20.81.101 any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
>> > or:
>> > drop tcp any any -> any any (content:"facebook"; msg:"Attention, Facebook !!!"; sid:1000002; rev:1;)
>> >
>> >
>> > I just have an alert, but I can enter facebook.........!!!
>>
>> I suspect something is wrong with your bridge because with that last
>> rule it drops access to facebook just fine here.
>>
>> Cheers,
>> Victor
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>>
>
>