From: Bhagya Tholpady (bbantwal) Date: Fri, 5 Mar 2021 14:06:03 +0000 (+0000) Subject: Merge pull request #2770 in SNORT/snort3 from ~SVLASIUK/snort3:doc_ips_states to... X-Git-Tag: 3.1.2.0~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a7ecd306c92eb98998b7a2af358da819c1b7fac;p=thirdparty%2Fsnort3.git Merge pull request #2770 in SNORT/snort3 from ~SVLASIUK/snort3:doc_ips_states to master Squashed commit of the following: commit 1c155320fdadbb0513af094e96f98d034bf91c25 Author: Serhii Vlasiuk Date: Tue Mar 2 14:35:09 2021 +0200 doc: update documentation for ips.states --- diff --git a/doc/user/tutorial.txt b/doc/user/tutorial.txt index 4d8ff2ad4..b23c15a8f 100644 --- a/doc/user/tutorial.txt +++ b/doc/user/tutorial.txt @@ -227,6 +227,12 @@ There are multiple ways to load rules too: * Use --lua to specify one or more rules as a command line argument. +Ips states are similar to ips rules, except that they are parsed after the rules. +That way rules can be overwritten in custom policies. + +States without the 'enable' option are loaded as stub rules with default gid:0, sid:0. +A user should specify 'gid', 'sid', 'enable' options to avoid dummy rules. + Output Files To make it simple to configure outputs when you run with multiple packet