Hi,
If I use webconfig to exclude a range of IPs from being blocked in Snort, I get informed the address is incorrect. I'm trying to whitelist our data center systems with 200~ active IPs, so the office obviously won't hit a false positive...
Formats attempted (For the sake of the example, I know these are DNS).
8.8.8.0/24
8.8.8.1-255
If I edit /etc/snortsam.d/webconfig-whitelist.conf manually to include the addresses, everything appears in webconfig and the correct function appears to be available.
Which is the preferred method for a range?
-B
If I use webconfig to exclude a range of IPs from being blocked in Snort, I get informed the address is incorrect. I'm trying to whitelist our data center systems with 200~ active IPs, so the office obviously won't hit a false positive...
Formats attempted (For the sake of the example, I know these are DNS).
8.8.8.0/24
8.8.8.1-255
If I edit /etc/snortsam.d/webconfig-whitelist.conf manually to include the addresses, everything appears in webconfig and the correct function appears to be available.
Which is the preferred method for a range?
-B
Share this post:
Please login to post a reply
You will need to be logged in to be able to post a reply. Login using the form on the right or register an account if you are new here.
Register Here »