###################################################
#
# This file contains the default snort configuration.
-# for all IPCop Versions
-# Unless you are totally happy with this file,please
+# for all IPFire Versions
+# Unless you are totally happy with this file, please
# only change whats needed
+# This file is automatically changed by
+# the webinterface, too.
#
# 1) Set the network variables for your network
# 2) Configure preprocessors
# 3) Configure output plugins
# 4) Customize your rule set
#
-# $Id: snort.conf,v 1.6.2.1 2005/04/28 18:38:49 gespinasse Exp $
-#
###################################################
# Only area a user needs to edit
include /etc/snort/vars
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0/24]
-var RULE_PATH /etc/snort
+var RULE_PATH /etc/snort/rules
###################################################
# Do NOT Edit past this line
include $RULE_PATH/classification.config
include $RULE_PATH/reference.config
#=========================================
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/exploit.rules
-include $RULE_PATH/scan.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
-include $RULE_PATH/telnet.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/dos.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/tftp.rules
-
-include $RULE_PATH/web-cgi.rules
-include $RULE_PATH/web-coldfusion.rules
-include $RULE_PATH/web-iis.rules
-include $RULE_PATH/web-frontpage.rules
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-client.rules
-include $RULE_PATH/web-php.rules
-
-include $RULE_PATH/sql.rules
-include $RULE_PATH/x11.rules
-include $RULE_PATH/icmp.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/snmp.rules
-
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/imap.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
-
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/other-ids.rules
-# include $RULE_PATH/web-attacks.rules
-# include $RULE_PATH/backdoor.rules
-# include $RULE_PATH/shellcode.rules
-# include $RULE_PATH/policy.rules
-# include $RULE_PATH/porn.rules
-# include $RULE_PATH/info.rules
-# include $RULE_PATH/icmp-info.rules
-# include $RULE_PATH/virus.rules
-# include $RULE_PATH/chat.rules
-# include $RULE_PATH/multimedia.rules
-# include $RULE_PATH/p2p.rules
-# include $RULE_PATH/experimental.rules
-include $RULE_PATH/local.rules
+include $RULE_PATH/bleeding-attack_response.rules
+include $RULE_PATH/bleeding-botcc-BLOCK.rules
+include $RULE_PATH/bleeding-botcc.excluded
+include $RULE_PATH/bleeding-botcc.rules
+include $RULE_PATH/bleeding-botcc.rules.dragon.xml
+include $RULE_PATH/bleeding-dos.rules
+include $RULE_PATH/bleeding-drop-BLOCK.rules
+include $RULE_PATH/bleeding-drop.rules
+include $RULE_PATH/bleeding-drop.rules.dragon.xml
+include $RULE_PATH/bleeding-dshield-BLOCK.rules
+include $RULE_PATH/bleeding-dshield.rules
+include $RULE_PATH/bleeding-exploit.rules
+include $RULE_PATH/bleeding-game.rules
+include $RULE_PATH/bleeding-inappropriate.rules
+include $RULE_PATH/bleeding-malware.rules
+include $RULE_PATH/bleeding-p2p.rules
+include $RULE_PATH/bleeding-policy.rules
+include $RULE_PATH/bleeding-scan.rules
+include $RULE_PATH/bleeding-sid-msg.map
+include $RULE_PATH/bleeding-virus.rules
+include $RULE_PATH/bleeding-voip.rules
+include $RULE_PATH/bleeding-web.rules
+include $RULE_PATH/bleeding.rules
+include $RULE_PATH/community-bot.rules
+include $RULE_PATH/community-deleted.rules
+include $RULE_PATH/community-dos.rules
+include $RULE_PATH/community-exploit.rules
+include $RULE_PATH/community-ftp.rules
+include $RULE_PATH/community-game.rules
+include $RULE_PATH/community-icmp.rules
+include $RULE_PATH/community-imap.rules
+include $RULE_PATH/community-inappropriate.rules
+include $RULE_PATH/community-mail-client.rules
+include $RULE_PATH/community-misc.rules
+include $RULE_PATH/community-nntp.rules
+include $RULE_PATH/community-oracle.rules
+include $RULE_PATH/community-policy.rules
+include $RULE_PATH/community-sid-msg.map
+include $RULE_PATH/community-sip.rules
+include $RULE_PATH/community-smtp.rules
+include $RULE_PATH/community-sql-injection.rules
+include $RULE_PATH/community-virus.rules
+include $RULE_PATH/community-web-attacks.rules
+include $RULE_PATH/community-web-cgi.rules
+include $RULE_PATH/community-web-client.rules
+include $RULE_PATH/community-web-dos.rules
+include $RULE_PATH/community-web-iis.rules
+include $RULE_PATH/community-web-misc.rules
+include $RULE_PATH/community-web-php.rules