Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Exclude one IP

From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 01 Nov 2005 12:03:08 -0500
Joel Esler wrote:

If you want to totally exclude it from analyzation, use a BPF filter at
the command line, "not host 10.1.10.24"

If you want to exclude it from the HOME_NET

var HOME_NET [10.1.10.0/24,!10.1.10.24]

That should work for you..


No.. That won't work.. that will resolve to match all IPs.


That effectively reads as "If it is in 10.1.10.0/24 OR it is not 10.1.10.24,
then it is a member of HOME_NET"




-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: