[Oisf-users] Pass and Drop

Martin Spinassi martins.listz at gmail.com
Tue Jun 15 13:24:30 UTC 2010


Hello list!

Probably this is a silly question, but just can't find where is the answer.

When a pass rule is created for some criteria, does it means that all
the other filters with the same criteria are skipped?
I'll explain myself with an example.

Suppose that I want to set a web server behind suricata, and want to
let all the HOME_NET users to access it. I want to let those users
access the web server, but also want to have some filter in case that
I have an internal attack.

How does it work in that case? Will suricata let HOME_NET users access
the server, and also check that no one tries nasty things to it (like
sql injection for example)?

Thanks!

Best regards,

Martin



More information about the Oisf-users mailing list