Merge pull request #2770 in SNORT/snort3 from ~SVLASIUK/snort3:doc_ips_states to...

author Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>

Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)

committer Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>

Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)
author Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)
committer Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)
diff --git a/doc/user/tutorial.txt b/doc/user/tutorial.txt

index 4d8ff2ad4f4f463461ee1e0d3b3de28f06c7c3f0..b23c15a8f23efbec2097d9d6ee824e42d141f09b 100644 (file)
--- a/doc/user/tutorial.txt
+++ b/doc/user/tutorial.txt
@@ -227,6 +227,12 @@ There are multiple ways to load rules too:
  
  * Use --lua to specify one or more rules as a command line argument.
  
+Ips states are similar to ips rules, except that they are parsed after the rules.
+That way rules can be overwritten in custom policies.
+
+States without the 'enable' option are loaded as stub rules with default gid:0, sid:0.
+A user should specify 'gid', 'sid', 'enable' options to avoid dummy rules.
+
  Output Files
  
  To make it simple to configure outputs when you run with multiple packet
author	Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
	Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)
committer	Bhagya Tholpady (bbantwal) <bbantwal@cisco.com>
	Fri, 5 Mar 2021 14:06:03 +0000 (14:06 +0000)