Snort Suppression - ordering and tagging entries?
-
Hi all
I've been looking around on the pfsense forums and snort and not really found my answers.
I am wondering if for optimisation purposes is it better to list supression entries in a particular order? eg in order of gen_id and sig_id? So my example below I would move the 2nd entry to the top of the list.
suppress gen_id 120, sig_id 3
suppress gen_id 119, sig_id 2
suppress gen_id 3, sig_id 19187, track by_src, ip 208.67.222.220Additionally is it possibe to add a tag to the end of each entry?
eg:
suppress gen_id 3, sig_id 19187, track by_src, ip 208.67.222.220 : Opendns Server
Thank you in advance for any help/advice.
Cheers
-
It is not possible today but patches are accepted.