1 Answer
Hello!
For the first rule it would look like this:
pass tls any any -> any any (tls.sni; dotprefix; content:".amazonaws.com"; nocase; endswith; flow:to_server,established; sid:123456;)
The "dotprefix" option will let you pass all traffic going to subdomains of .amazonaws.com.
The sid is just a random number; we recommend at least 6 unique digits for every rule to make it easier when you're searching logs.
For the second rule you would want something like this:
drop udp any any -> any 123 (flow:established; app-layer-protocol:!ntp; sid:123456;)
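Added example (not part of the answer above, and not Suricata or AWS code): a small Python model of how the first rule's `tls.sni; dotprefix; content:".amazonaws.com"; nocase; endswith;` sequence evaluates a hostname, run over constructed SNI values to show what each keyword contributes. The function names and sample hostnames are assumptions made for illustration.

```python
# Added illustration (not Suricata source): a model of the matching done by
#   tls.sni; dotprefix; content:".amazonaws.com"; nocase; endswith;
# Function names and sample hostnames are constructed for this example.

def dotprefix(buf: str) -> str:
    """Suricata's dotprefix transform: prepend '.' to the inspected buffer."""
    return "." + buf


def sni_matches(sni, content=".amazonaws.com",
                use_dotprefix=True, endswith=True, nocase=True):
    """Return True if the rule's content match would hit on this SNI."""
    buf = dotprefix(sni) if use_dotprefix else sni
    if nocase:
        buf, content = buf.lower(), content.lower()
    # endswith anchors the match to the end of the buffer; without it the
    # content may appear anywhere in the hostname.
    return buf.endswith(content) if endswith else content in buf


# Constructed SNI values: legitimate names plus look-alikes.
SAMPLES = [
    "s3.amazonaws.com",
    "S3.US-EAST-1.AmazonAWS.com",
    "amazonaws.com",
    "notamazonaws.com",
    "amazonaws.com.example.net",
]


def compare(samples=SAMPLES):
    """For each SNI: (rule as written, without endswith, without dotprefix)."""
    return {
        s: (sni_matches(s),
            sni_matches(s, endswith=False),
            sni_matches(s, use_dotprefix=False))
        for s in samples
    }


if __name__ == "__main__":
    print(f"{'SNI':<30}{'as written':<12}{'no endswith':<13}no dotprefix")
    for sni, (full, no_end, no_dot) in compare().items():
        print(f"{sni:<30}{full!s:<12}{no_end!s:<13}{no_dot}")
```

The middle column shows that dropping `endswith` lets a name that merely begins with the domain match, and the last column shows that dropping `dotprefix` misses the bare `amazonaws.com` name.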