next up previous contents
Next: React Up: Active Response Previous: Configure Sniping   Contents


Flexresp

Flexresp and flexresp2 are replaced with flexresp3.

* Flexresp is deleted; these features are no longer avaliable: 

    ./configure --enable-flexresp / -DENABLE_RESPOND -DENABLE_RESPONSE
    config flexresp: attempts 1

* Flexresp2 is deleted; these features are deprecated, non-functional, and will be deleted in a future release: 

    ./configure --enable-flexresp2 / -DENABLE_RESPOND -DENABLE_RESPONSE2

    config flexresp2_interface: eth0
    config flexresp2_attempts: 4
    config flexresp2_memcap: 1000000
    config flexresp2_rows: 1000

* Flexresp3 is new: the resp rule option keyword is used to configure active responses for rules that fire. 

    ./configure --enable-flexresp3 / -DENABLE_RESPOND -DENABLE_RESPONSE3

    alert tcp any any -> any 80 (content:"a"; resp:<resp_t>; sid:1;)

* resp_t includes all flexresp and flexresp2 options: 

    <resp_t> ::= \
        rst_snd | rst_rcv | rst_all | \
        reset_source | reset_dest | reset_both | icmp_net | \
        icmp_host | icmp_port | icmp_all


Eugene Misnik 2013-05-08