[Oisf-users] "app-layer-protocol:DNS" not working.
Amin Saba
amn.brhm.sb at gmail.com
Tue Dec 19 13:14:56 UTC 2017
I have the following ruleset which is supposed to drop all traffic except UDP DNS.
I send traffic to this suricata instance via a divert socket (in FreeBSD).
pass udp any any -> any any (msg:"Allow DNS"; app-layer-protocol:dns; sid:22710040;)
pass icmp any any -> any any (msg:"Allow ICMP"; flow:established; itype:>0; sid:22710041; rev:1;)
drop ip any any -> any any (msg:"Illegal traffic."; sid:22710042; rev:1;)
Suricata drops all DNS request traffic, with the alert log showing the last rule.
Can you please help me with this issue?
Thanks in advance.