On Wed, Mar 05, 2003 at 02:45:48PM -0600, Holland, Scott wrote:
> I am getting a parse error with this filter:
> port 80 net 10.0.8.0 mask 255.255.255.0 not 10.0.8.22
> can someone tell me what is wrong
You're not using "and" to combine multiple tests, such as the tests
"port 80", "net 10.0.8.0 mask 255.255.255.0", and "not 10.0.8.22".
> or what syntax I need to use?
port 80 and net 10.0.8.0 mask 255.255.255.0 and not 10.0.8.22
or, as per my other mail:
port 80 and net 10.0.8.0/24 and not 10.0.8.22
> I am looking for port 80
...which probably means you're looking for HTTP, in which case you're
really looking for *TCP* port 80. If so, then
tcp port 80 and net 10.0.8.0 mask 255.255.255.0 and not 10.0.8.22
or
tcp port 80 and net 10.0.8.0/24 and not 10.0.8.22
wouldn't have to check for UDP port 80, and thus does a little less
work.
