Workaround
The user can create a custom Snort variable with the port list and modify their rule(s) to use this variable.
Further Problem Description
When uploading custom Snort 3 rules via the FMC, the rule validation fails if the rule contains a port list in the rule header. Using a port list is a valid rule option, however the FMC is not allowing these rules to be imported.
For example, this rule fails to import and generates a validation error on the FMC.
block $HOME_NET any -> $EXTERNAL_NET [21, 22, 23]
( msg:"Test multiple ports in header";
flow:from_server,established;
file_data;
content:"ActiveXObject",nocase,distance 0;
sid:1300001;
rev:1; )
The validation error message is:
VALIDATION
Invalid port : [21, 22, 23]
