General Settings |
Enable |
Enable or Disable\n";
?>
|
Interface |
Choose which interface this rule applies to.
Hint: in most cases, you'll want to use WAN here.
|
Description |
You may enter a description here for your
reference (not parsed).
|
Memory Performance |
Lowmem and ac-bnfa are recommended for low end
systems, Ac: high memory, best performance, ac-std: moderate
memory,high performance, acs: small memory, moderateperformance,
ac-banded: small memory,moderate performance, ac-sparsebands: small
memory, high performance.
|
Choose the networks
snort should inspect and whitelist. |
Home net |
Choose the home net you will like this rule to
use. Note: Default home
net adds only local networks.
Hint: Most users add a list of
friendly ips that the firewall cant see.
|
External net |
Choose the external net you will like this rule
to use. Note: Default
external net, networks that are not home net.
Hint: Most users should leave this
setting at default.
|
Block offenders |
onClick="enable_blockoffenders()">
Checking this option will automatically block hosts that generate a
Snort alert. |
Kill states |
>
Should firewall states be killed for the blocked ip
|
Which ip to block |
Which ip extracted from the packet you want to block
|
Whitelist |
Choose the whitelist you will like this rule to
use. Note: Default
whitelist adds only local networks.
Note: This option will only be used when block offenders is on.
|
Suppression and filtering |
Choose the suppression or filtering file you
will like this rule to use. Note: Default
option disables suppression and filtering. |
Checksum checking |
>
If ticked checksum checking on snort will be disabled to improve performance.
Most of this is already done on the firewall/filter level
|
Choose the types of
logs snort should create. |
Send alerts to main
System logs |
onClick="enable_change(false)">
Snort will send Alerts to the firewall's system logs. |
Log to a Tcpdump file |
onClick="enable_change(false)">
Snort will log packets to a tcpdump-formatted file. The file then
can be analyzed by an application such as Wireshark which
understands pcap file formats. WARNING:
File may become large. |
Log Alerts to a snort
unified2 file |
onClick="enable_change(false)">
Snort will log Alerts to a file in the UNIFIED2 format. This is a
requirement for barnyard2. |
Arguments here will
be automatically inserted into the snort configuration. |
Advanced configuration pass through |
|
|
|
|
Note:
Please save your settings before you click start.
|