Table 19 Supported Snort Keywords for Static and Dynamic Rules

Keyword               Static                Dynamic
-------               ------                -------
depth                 No                    No
dsize                 Yes                   No
flags                 Yes                   Yes, no wild card
flow                  Yes                   No
fragbits              Yes                   No
fragoffset            Yes                   No
icmp_id               Yes                   Yes
icmp_seq              Yes                   Yes
icode                 Yes                   Yes
id                    Yes                   Yes
ip_proto              Yes                   Yes
itype                 Yes                   Yes
offset                No                    No
nocase                Yes                   No
protocol              ICMP, UDP, TCP, IP    ARP, ICMP, UDP, TCP, IP
seq                   Yes                   Yes
source address        Yes                   Only /8/16/24/32 masks
destination address   Yes                   Only /8/16/24/32 masks
source port           Yes                   Yes, no ranges
destination port      Yes                   Yes, no ranges
tos                   Yes                   Yes
ttl                   Yes                   Yes
uricontent            Yes, no negative.     No
window                Yes                   No
within                No                    No

P-Series Installation and Operation Guide, version 2.3.1.2

Force10 Networks 100-00055-01 manual