For those of you who have upgraded to Snort 2.8.0, I have a quick tip for you. If you hadn’t heard yet, Snort no longer supports the use of the dsize directive within snort rules. Thankfully, the existing rules that use this directive, don’t cause Snort to crash. However, as we all know, the fewer rules Snort has to process, the better it performs. So how do you disable all the rules that use dsize?

It’s really more simple then you might think.