On Sun, 10 Apr 2011, Jonathan Nichols wrote:
back on topic... is there a way to lower the score for a particular
ruleset for certain hosts/clients?
I assume you don't want to just use whitelist_from_rcvd for this?
An alternative would be to write a header rule that checks the last
external hop for the target hosts/clients (by name or, more reliably if
not dynamic, by IP address), and score it a few points negative. If you
want to be more specific, write metas that join the "specific host/client"
rule and the other particular rules you want to offset, and score the
metas instead.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
...every time I sit down in front of a Windows machine I feel as
if the computer is just a place for the manufacturers to put their
advertising. -- fwadling on Y! SCOX
-----------------------------------------------------------------------
3 days until Thomas Jefferson's 268th Birthday