Subj : Snort rule...
To   : Shurato
From : Shurato
Date : Thu Jan 02 2025 16:07:00


 Sh> I'm just looking for a simple rule to block traffic from a specific ip to
 Sh> mine from any port to  port 23 all the time.  I tried:

 Sh> alert tcp 123.192.96.98 any -> 192.168.0.1/24 23 (msg:"Blocked IP";
 Sh> action: drop;)

 Sh> But action is an unknown rule command...  I found that with "alert ip",
 Sh> but I couldn't get that to work either. This should be really
 Sh> simple...  I'm not trying to create a complex rule. This rule of
 Sh> course is all on one line.

Ok, I found block instead of alert and no  parenthesis if that'll work.

--
Shurato, Sysop Shurato's Heavenly Sphere (ssh, telnet, pop3, ftp,nntp,
,wss) (Ports 22,23,110,21,119,999) (ssh login 'bbs' password 'shsbbs')


*** THE READER V4.50 [freeware]
---
 * Origin: Shurato's Heavenly Sphere telnet://shsbbs.net (618:300/50)

.