Setting a Dynamic Rule State from the Rules Page
You can set one or more dynamic rule states for a rule. The first dynamic rule state listed has the highest priority. When two dynamic rule states conflict, the action of the first is carried out.
Dynamic rule states are policy-specific.
A Revert appears in a field when you enter an invalid value; click it to revert to the last valid value for that field or to clear the field if there was no previous value.
Note | Dynamic rule states cannot enable disabled rules or drop traffic that matches disabled rules. |
Procedure
Step 1 | Choose . | ||||
Step 2 | Click Snort 2 Version next to the policy you want to edit. If View ( | ||||
Step 3 | Click Rules immediately under Policy Information in the navigation pane. | ||||
Step 4 | Choose the rule or rules where you want to add a dynamic rule state. | ||||
Step 5 | Choose . | ||||
Step 6 | Choose a value from the Track By drop-down list. | ||||
Step 7 | If you set Track By to Source or Destination, enter the address of each host you want to track in the Network field. You can specify a single IP address, address block, variable, or a comma-separated list comprised of any combination of these. | ||||
Step 8 | Next to Rate, specify the number of rule matches per time period to set the attack rate:
| ||||
Step 9 | From the New State drop-down list, specify the new action to be taken when the conditions are met. | ||||
Step 10 | Enter a value in the Timeout field. After the
timeout occurs, the rule reverts to its original state. Specify
| ||||
Step 11 | Click OK.
| ||||
Step 12 | To save changes you made in this policy since the last policy commit, click Policy Information, then click Commit Changes. If you leave the policy without committing changes, changes since the last commit are discarded if you edit a different policy. |
What to do next
-
Deploy configuration changes.