Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002350Endian FirewallOther Scriptspublic2009-10-31 16:442010-09-23 17:25
ReporterRenee 
Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version2.3 
Target VersionfutureFixed in Version 
Summary0002350: Snort rules editor can´t set custom rules to drop
DescriptionI can´t set the custom rules under rules Action to drop the editor ignores the changes when I write the rules set in the config file /var/efw/snort/policies by hand to drop it works and the rules editor show the changes.And if she takes over then to the processed.rules file.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0003205)
Renee (reporter)
2009-11-01 15:21

I have found one more mistake namely if custom rules were high loaded and the heels with rules SNORT automatically download out is made the existing automatic rules are not written any more in /etc/snort/processed.rules.
(0003387)
peter-endian (administrator)
2009-11-25 17:08

cannot reproduce this.
Can you please explain step by step what exactly you did and what exactly does not work correctly then thereafter?

can it be that you have rules with the same sids as automatically downloaded rules and as custom rules? In this case the automatically downloaded rules will be used.
If you change the setting for one of these rules it will always affect both of them.

can you confirm this?
(0003401)
Renee (reporter)
2009-11-25 20:34

I used the rules from http://www.emergingthreats.net/ [^] and as custom rules the rules set from snort.org when I uploaded the Custom rules the rules have under rules action the policy alert when I would change the rules set to drop the editor ignores the change and the policy are alert again.If I look in the processed.rules the new rules are written but only alert not drop the sids are not the same then when I wrote the custom rules under /var/efw/snort/policies to drop it works the editor show it as drop but I can´t change the set back to alert this goes only under the option editor but I can´t wrote any custom rule only to drop or alert.

- Issue History
Date Modified Username Field Change
2009-10-31 16:44 Renee New Issue
2009-11-01 15:21 Renee Note Added: 0003205
2009-11-25 17:08 peter-endian Note Added: 0003387
2009-11-25 17:08 peter-endian Status new => feedback
2009-11-25 17:08 peter-endian Target Version => future
2009-11-25 20:34 Renee Note Added: 0003401
2010-09-23 17:25 peter-endian Status feedback => acknowledged

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker