Snort Suppression - ordering and tagging entries?



  • Hi all

    I've been looking around on the pfsense forums and snort and not really found my answers.

    I am wondering if for optimisation purposes is it better to list supression entries in a particular order?  eg in order of gen_id and sig_id?  So my example below I would move the 2nd entry to the top of the list.

    suppress gen_id 120, sig_id 3
    suppress gen_id 119, sig_id 2
    suppress gen_id 3, sig_id 19187, track by_src, ip 208.67.222.220

    Additionally is it possibe to add a tag to the end of each entry?

    eg:

    suppress gen_id 3, sig_id 19187, track by_src, ip 208.67.222.220 : Opendns Server

    Thank you in advance for any help/advice.

    Cheers



  • It is not possible today but patches are accepted.


Locked