4. Syntax in Suricata YAML re: port ranges

Syntax in Suricata YAML re: port ranges

  • E

    I'm attempting to edit the Suricata template at /usr/local/pkg/suricata/suricata_yaml_template.inc to add some port variables in the "port-groups:" section for use in custom rules.  Looking at the docs, it seems like I can't add a range of ports like in Snort (i.e. 0:500), but that I must enumerate each one?

    Am I understanding this correctly?  Am I going about this the right way?  Snipped below,

    
# Holds the port group vars that would be passed in a Signature.
  port-groups:
    {$port_vars}
     Allowed: "[1,2,3,4]"
     NotAllowed: "[1:4]"
    0
  • E

    Found a discussion on the subject here,

    http://stackoverflow.com/questions/3337020/how-to-specify-ranges-in-yaml

    For anyone happening upon this I gave up, because it looks unsupported,  and just lived without the alias.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy