search

mrash / psad

psad: Intrusion Detection and Log Analysis with iptables
http://www.cipherdyne.org/psad/
GNU General Public License v2.0
390 stars 76 forks source link

issue in the auto_dl configuration file #51

Closed develtech1 closed 6 years ago

develtech1 commented 7 years ago

hi, I hope you will be fine. I have faced issue while white-listing my local network using auto_dl file. Actually, i want to ignore certain ports of udp & tcp against my local network and it is not working fine. However, it currently supports range of ports. I also need some information about my following configuration in the auto_dl. Can you check it please. i want different danger level for different ports and protocols.

10.10.1.0/24 3 tcp/22,tcp/999,tcp/80,tcp/443; 10.10.1.0/24 1 icmp; 10.10.1.0/24 1 udp/1.65536 ;

mrash commented 7 years ago

To have psad ignore certain ports, then use a danger level of zero. Also, for a port range, you need to use a "-" character. So, to ignore all UDP ports, you would do something like:

10.10.1.0/24 0 udp/1-65535

mrash commented 6 years ago

Closing this issue per my earlier comment.