    Syntax in Suricata YAML re: port ranges

      eldog last edited by

      I'm attempting to edit the Suricata template at /usr/local/pkg/suricata/suricata_yaml_template.inc to add some port variables in the "port-groups:" section for use in custom rules. Looking at the docs, it seems like I can't add a range of ports like in Snort (i.e. 0:500), but that I must enumerate each one?

      Am I understanding this correctly? Am I going about this the right way? Snippet below:

      
      # Holds the port group vars that would be passed in a Signature.
        port-groups:
          {$port_vars}
          Allowed: "[1,2,3,4]"
          NotAllowed: "[1:4]"
      
      
        eldog last edited by

        Found a discussion on the subject here,

        http://stackoverflow.com/questions/3337020/how-to-specify-ranges-in-yaml

        For anyone happening upon this: I gave up, because it looks unsupported, and just lived without the alias.
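Added example, not part of the original posts and not pfSense or Suricata code: if the port-groups value has to be enumerated as the first post describes, a small Python helper can expand a Snort-style range such as 1:4 into the bracketed list form. The function names and the LOW_PORTS and WEB_PORTS variable names are hypothetical; negation and $VARIABLE references are rejected rather than handled.

```python
# Added example: expand Snort-style port specs into an enumerated list string.
MAX_PORT = 65535


def _parse_port(text):
    """Return one port number, rejecting anything outside 0..65535."""
    if not (text.isascii() and text.isdigit()):
        raise ValueError(f"not a port number: {text!r}")
    port = int(text)
    if port > MAX_PORT:
        raise ValueError(f"port out of range: {port}")
    return port


def expand_port_spec(spec):
    """Expand e.g. "[1:4,8080]" into the sorted list [1, 2, 3, 4, 8080]."""
    body = spec.strip()
    if body.startswith("[") and body.endswith("]"):
        body = body[1:-1]
    ports = set()
    for item in body.split(","):
        item = item.strip()
        if not item:
            raise ValueError(f"empty element in {spec!r}")
        if "!" in item or "$" in item:
            raise ValueError(f"negation and variables are not handled: {item!r}")
        low, sep, high = item.partition(":")
        start = _parse_port(low.strip())
        # An open-ended range such as "1:" fails here because "" is not a port.
        end = _parse_port(high.strip()) if sep else start
        if start > end:
            raise ValueError(f"reversed range: {item!r}")
        ports.update(range(start, end + 1))
    return sorted(ports)


def to_port_group_value(spec):
    """Format the expansion in the bracketed, comma-separated form."""
    return "[" + ",".join(str(p) for p in expand_port_spec(spec)) + "]"


def render_port_group(name, spec, indent=4):
    """Return one 'Name: "[...]"' line for the port-groups section."""
    return f'{" " * indent}{name}: "{to_port_group_value(spec)}"'


if __name__ == "__main__":
    # Constructed sample input, not taken from a real configuration.
    print(render_port_group("LOW_PORTS", "[1:4]"))
    print(render_port_group("WEB_PORTS", "80,443,8000:8003"))
```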
