[Oisf-users] Pass and Drop
Martin Spinassi
martins.listz at gmail.com
Wed Jun 16 13:36:37 UTC 2010
On Tue, 2010-06-15 at 13:19 -0400, Brant Wells wrote:
> Hey Guys,
>
>
> I've been following this discussion this morning but haven't had a
> chance to reply...
>
> If you want to let Suricata pass traffic from your HOME_NET, then why
> add any rules at all? You can still see what is being done to that host
> via the HTTP logs (both from Suricata and on that host itself). Then,
> you are free to add any rules that you need in order to detect actual
> attacks... Or am I misinterpreting what you are trying to accomplish?
>
>
> See Yas!
> ~Brant
Hello Brant,

Thanks, I think your mail clarified my question.

The rules should alert or drop based on a specific attack, otherwise,
if no rule matched, Suricata lets it pass, am I right? In that case,
traffic should pass unless an attack is detected, right?

Best regards,
Martin