Snort mailing list archives
Re: single ip address
From: Erek Adams <erek () theadamsfamily net>
Date: Thu, 21 Feb 2002 17:39:59 -0800 (PST)
On Thu, 21 Feb 2002, Scott Taylor wrote:
I'm having a hard time finding info on applying rules to a single IP addy. For instance if I want to ignore a single IP address what would the pass rule look like? pass tcp 192.168.12.4 -> any any or do I need a /24 on the end of the IP?
Nope. A /24 means an 256 addresses. You want a /32. CIDR Subnet Mask Subnets Addresses Available Hosts /24 - 255.255.255.0 - 1 subnet - 256 addresses - 254 available hosts /25 - 255.255.255.128 - 2 subnets - 128 addresses - 126 available hosts /26 - 255.255.255.192 - 4 subnets - 64 addresses - 62 available hosts /27 - 255.255.255.224 - 8 subnets - 32 addresses - 30 available hosts /28 - 255.255.255.240 - 16 subnets - 16 addresses - 14 available hosts /29 - 255.255.255.248 - 32 subnets - 8 addresses - 6 available hosts /30 - 255.255.255.252 - 64 subnets - 4 addresses - 2 availabe hosts /32 - 255.255.255.255 - - 2 addresses - 1 available host
Would this work in the snort.conf under home_net?
CIDR Notation? Sure.
take 1 chug and kiss the person on your right.
Well, since that's my sleeping cat, I don't want to wake her, she might demand petting. ;-) ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- single ip address Scott Taylor (Feb 21)
- Re: single ip address Erek Adams (Feb 21)
- <Possible follow-ups>
- RE: single ip address Erickson Brent W KPWA (Feb 21)
- Re: single ip address Phil Wood (Feb 21)