Subj : Snort rule...
To   : All
From : Shurato
Date : Thu Jan 02 2025 15:24:00

I'm just looking for a simple rule to block traffic from a specific ip to
mine from any port to  port 23 all the time.  I tried:

alert tcp 123.192.96.98 any -> 192.168.0.1/24 23 (msg:"Blocked IP"; action:
drop;)

But action is an unknown rule command...  I found that with "alert ip", but I
couldn't get that to work  either.  This should be really simple...  I'm not
trying to create a complex rule.  This rule of course is all on one line.

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs')


*** THE READER V4.50 [freeware]
---
 * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (618:300/50)

.