Re: [Snort-inline-users] good rules

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Any issues with proper service operation due the change of all alert  
rules to drop?

Do you exclude any rule files from snort_inline.conf or do you use  
every single snort rule converted to drop?

Thank in advance,

Rob

On Apr 15, 2008, at 5:33 PM, xyon wrote:

> I typically download the rules, then run oinkmaster configured with a
> regex to prefix all rules with "drop: " instead of "alert: ". I then  
> run
> snort (2.7.0) with the -Q switch.
>
> HTH