[Oisf-users] suricata-update modify does not appear to work any more ?
Russell Fulton
r.fulton at auckland.ac.nz
Tue Apr 30 22:50:48 UTC 2019
I have just realised that my rules in the modify.conf appear to be being ignored.
I get a line saying that the file has been read but I don’t see any “Modifying … “ message in the debug output and the rules remain unchanged. I don’t know when it stopped working.
There are no warnings or errors...
I have a hand full of rules that I want want to change the address filters for (. e.g. $HOME_NET) to exclude particular hosts.
sample rule:
2014734 "\$HOME_NET" "[\$HOME_NET, !130.216.2.97]"
Russell
More information about the Oisf-users
mailing list