Parse::Snort::Strict - Parse Snort rules with validation of the rules
Parse Snort rules with validation regarding rule action, protocol and direction.
Look at Parse::Snort for more usage detail, as this is a subclass of it.
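    use Parse::Snort::Strict;
    use Try::Tiny;

    # $text holds a single Snort rule as a string
    my $rule = Parse::Snort::Strict->new();
    try {
        # parse() throws if the rule fails validation
        $rule->parse($text);
    }
    catch {
        # Try::Tiny puts the error in $_
        warn "Unable to parse rule: $_";
    };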
You can only have the following actions:
- alert
    - generate an alert using the selected alert method, and then
- log
    - log the packet
- pass
    - ignore the packet
- activate
    - alert and then turn on another dynamic rule
- dynamic
    - remain idle until activated by an activate rule, then act as a log rule
- drop
    - block and log the packet
- reject
    - block the packet, log it, and then send a TCP reset if the protocol is TCP or an ICMP port unreachable message if the protocol is UDP.
- sdrop
    - block the packet but do not log it.
You can only have the following protocols:
- tcp
- udp
- ip
- icmp
You can only have the following directions:
- "->"
- "<>"
- "<-"
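
A stand-alone sketch of the three header checks listed above, written in core Perl; this is an added example, not the module's own code. The helper name check_header and the sample rules (including their SIDs) are constructed for illustration, and the sketch assumes address and port fields contain no whitespace.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Allowed values, copied from the lists on this page.
my %ACTION    = map { $_ => 1 } qw(alert log pass activate dynamic drop reject sdrop);
my %PROTOCOL  = map { $_ => 1 } qw(tcp udp ip icmp);
my %DIRECTION = map { $_ => 1 } ('->', '<>', '<-');

# check_header() is a hypothetical helper, not part of Parse::Snort::Strict.
# It returns a list of problems found in the rule header (empty list = OK).
sub check_header {
    my ($rule) = @_;

    # The header is everything before the first "(" that opens the options.
    my ($header) = $rule =~ /^\s*([^(]*)/;

    # Expected fields: action proto src src_port direction dst dst_port.
    # Assumption: no whitespace inside address or port lists.
    my @f = split ' ', $header;
    return ("expected 7 header fields, found " . scalar @f) unless @f == 7;

    my ($action, $proto, undef, undef, $dir) = @f;
    my @problems;
    push @problems, "invalid action '$action'"  unless $ACTION{$action};
    push @problems, "invalid protocol '$proto'" unless $PROTOCOL{$proto};
    push @problems, "invalid direction '$dir'"  unless $DIRECTION{$dir};
    return @problems;
}

# Constructed sample rules (messages and SIDs are made up for this example).
my @rules = (
    'alert tcp any any -> any 80 (msg:"constructed ok"; sid:1000001;)',
    'alrt tcp any any -> any 80 (msg:"typo in action"; sid:1000002;)',
    'alert http any any -> any 80 (msg:"unlisted protocol"; sid:1000003;)',
    'drop udp any any => any 53 (msg:"bad direction"; sid:1000004;)',
    'alert tcp any any (msg:"truncated header"; sid:1000005;)',
);

# Report every rule so a silently dropped detection is visible at load time.
for my $i (0 .. $#rules) {
    my @problems = check_header($rules[$i]);
    printf "rule %d: %s\n", $i + 1, @problems ? join('; ', @problems) : 'ok';
}
```

Running a check like this over a ruleset before deployment surfaces rules that a sensor would otherwise reject or skip, which is a quiet way to lose detection coverage.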