EFW Support

Support => General Support => Topic started by: rainstorm on Monday 10 December 2012, 08:07:25 pm



Title: [SOLVED] But read this, it may help with your IPS custom rules
Post by: rainstorm on Monday 10 December 2012, 08:07:25 pm
Hi,
I'm very new to this.
I want to add this line to /etc/snort/vars (for the custom rules):
portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]

But after restarting the snort service, the file returns to the default (the line is gone).
Thank you.

[solution]
Always edit the .tmpl, .old and .conf files.

But the IPS (snort) has a problem with custom rules (downloaded from snort.org with an oinkmaster code).
You must change "threshold" to "detection_filter" in all the rules.

www_google.com_tr/search?hl=en&tbo=d&sclient=psy-ab&q=threshold+vs+detection_filter&oq=threshold+vs+detection_filter&gs_l=hp.3...1291333.1303535.0.1303986.29.27.0.0.0.0.560.5103.0j14j3j0j1j3.21.0.les%3B..0.0...1c.1.wyromgRI-8g&pbx=1&bpcl=40096503&biw=1280&bih=675&cad=b&cad=cbv&sei=xUnUUPbcKI-HhQeE-YHgBQ
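
The rule change described in the post, as an added example that is not part of the original post: in Snort 2.x the in-rule `threshold` option takes a `type` argument that `detection_filter` does not accept, so the option has to be rewritten rather than only renamed. The function names and the sample rules are assumptions constructed for illustration; the dropped `type` is reported so the alert rate of each converted rule can be reviewed.

```python
import re

# In-rule option as written in Snort 2.x rules:
#   threshold: type <limit|threshold|both>, track <by_src|by_dst>, count N, seconds S;
# detection_filter accepts only track, count and seconds.
THRESHOLD_OPT = re.compile(r"\bthreshold\s*:\s*([^;]*);")

def convert_rule(rule):
    """Rewrite one rule line; return (new_line, dropped_type or None)."""
    match = THRESHOLD_OPT.search(rule)
    if match is None:
        return rule, None
    args = {}
    for part in match.group(1).split(","):
        fields = part.split()
        if len(fields) != 2:
            return rule, None  # unexpected syntax: leave the rule untouched
        args[fields[0].lower()] = fields[1]
    if not {"track", "count", "seconds"} <= args.keys():
        return rule, None
    new_opt = (
        "detection_filter: track {track}, count {count}, seconds {seconds};"
    ).format(**args)
    return rule[:match.start()] + new_opt + rule[match.end():], args.get("type")

def convert_rules(text):
    """Convert a rules file; return (new_text, [(line_no, dropped_type), ...])."""
    out, review = [], []
    for number, line in enumerate(text.splitlines(), start=1):
        new_line, dropped = convert_rule(line)
        out.append(new_line)
        if dropped is not None:
            review.append((number, dropped))
    return "\n".join(out) + "\n", review

# Constructed sample rules (hypothetical, not taken from any real rule set).
SAMPLE = '''\
alert tcp $EXTERNAL_NET any -> $HOME_NET 110 (msg:"constructed POP3 example"; flow:to_server,established; content:"USER"; threshold: type threshold, track by_src, count 5, seconds 60; sid:1000001; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"constructed IMAP example"; content:"LOGIN"; threshold:type limit,track by_dst,count 1,seconds 30; sid:1000002; rev:1;)
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"constructed rule without threshold"; content:"GET"; sid:1000003; rev:1;)
'''

if __name__ == "__main__":
    converted, review = convert_rules(SAMPLE)
    print(converted, end="")
    for number, dropped in review:
        print("# line %d: dropped 'type %s', review alert rate" % (number, dropped))
```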