[Oisf-users] How do I get IPF mode to, well, P?
James Moe
jimoe at sohnen-moe.com
Wed Mar 9 18:06:14 UTC 2016
On 03/04/2016 05:06 PM, Andreas Herz wrote:
>> > I see this in <fast.log>, thinking the packet should be dropped:
>> > 03/04/2016-13:34:38.972801 [**] [1:2402000:3998] ET DROP Dshield Block
>> > Listed Source group 1 [**] [Classification: Misc Attack] [Priority: 2]
>> > {TCP} 185.130.5.98:43578 -> 192.168.69.246:587
>
> Did you convert the alert rule to a drop rule?
> I guess not as the DROP in front of the [**] is missing.
>
Looking at this more, I realize I do not know what you mean by
"converting" the rule. It is not simply changing the word "alert" to
"drop"; the rules file would be overwritten each time it is updated.
How do I permanently convert a rule from alert to drop?
--
James Moe
moe dot james at sohnen-moe dot com
520.743.3936