[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-devel
Subject:    [Snort-devel] snort3 - flushing active states
From:       Özkan_KIRIK_via_Snort-devel <snort-devel () lists ! snort ! org>
Date:       2020-08-01 14:24:34
Message-ID: CAAcX-AE46K0kQyckUBSgG1oMDorUd9pNzc0nLhW0xx0Y3ZtK0g () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hello,

Is it possible flush all state table in snort3?
I need this feature for ruleset changes.

Think that I have a rule with action pass. Start a traffic that matches
with this rule. And then I change the action with block and reload ruleset
using killall -HUP snort.
Flow is still being passed event rule action reloaded with block action.
If I stop & start snort3 everything works fine. I think, we need to flush
the states.
And also is it possible to flush states that belongs to single source
address or single destionation address? (E.g. flush states for a client IP)

Regards

[Attachment #5 (text/html)]

<div dir="ltr">Hello,<div><br></div><div>Is it possible flush all state table  in \
snort3?  </div><div>I need this feature for ruleset \
changes.</div><div><br></div><div>Think that I have a rule with action pass. Start a \
traffic that matches with this rule. And then I change the action with block and \
reload ruleset using killall -HUP snort.  </div><div>Flow is still being passed event \
rule action reloaded with block action.  

If I stop &amp; start snort3 everything works fine. I think, we need to flush the \
states.</div><div>And also is it possible to flush states that belongs to single \
source address or single destionation  address? (E.g. flush states for a client \
IP)</div><div><br></div><div>Regards</div></div>



_______________________________________________
Snort-devel mailing list
Snort-devel@lists.snort.org
https://lists.snort.org/mailman/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!


[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic