On Sun, 10 Apr 2011, Jonathan Nichols wrote:

back on topic... is there a way to lower the score for a particular ruleset for certain hosts/clients?

I assume you don't want to just use whitelist_from_rcvd for this?

An alternative would be to write a header rule that checks the last external hop for the target hosts/clients (by name or, more reliably if not dynamic, by IP address), and score it a few points negative. If you want to be more specific, write metas that join the "specific host/client" rule and the other particular rules you want to offset, and score the metas instead.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  ...every time I sit down in front of a Windows machine I feel as
  if the computer is just a place for the manufacturers to put their
  advertising.                                 -- fwadling on Y! SCOX
-----------------------------------------------------------------------
 3 days until Thomas Jefferson's 268th Birthday

Reply via email to