##### Current Database Updated -- 03/09/2001

##### Variables
#var EXTERNAL_NET !172.16.1.0/24
var EXTERNAL_NET any
var HOME_NET 172.16.1.0/24
var INTERNAL 172.16.1.0/24
var SMTP 172.16.1.0/24
var HTTP_SERVERS 172.16.1.0/24
var PORTS 5
var SECONDS 15

##### Preprocessors
preprocessor http_decode: 80 443 8080
preprocessor minfrag: 128
#preprocessor defrag
#preprocessor portscan: $HOME_NET $PORTS $SECONDS /var/adm/snort/portscan

##### Output
#output alert_syslog: LOG_AUTH LOG_ALERT
#output alert_full: /var/adm/snort/alerts

##### What do we log
# Logging tcp
log tcp any any <> $INTERNAL any (session: printable;)
log tcp any any <> $INTERNAL any

# Logging udp
pass udp $INTERNAL any <> any 53
log udp any any <> $INTERNAL any (session: printable;)
log udp any any <> $INTERNAL any

# Logging icmp
log icmp any any <> $INTERNAL any (session: printable;)
log icmp any any <> $INTERNAL any