RE: More on home_net and external_net

[Erek Adams <erek () theadamsfamily net>]

On Tue, 14 Aug 2001, Gisli Helgason wrote:

> Sorry bur I was not wery clear on what I wanted.

Hey, I hadn't had my coffee either!

> I want to see attacks originating on external and home with a destination of
> home.

then:

var $HOME_NET any

> I do not want to see attacks originating in home and with a destination of
> external.

Ugh...  To my limted knowledge, this isn't something you can do.  Most of the
rules use "$HOME_NET" to choose the rules.  You can dig thru the rules and
find all of the $HOME_NET -> $EXTERNAL_NET rules and comment them out.

That's the only way I can think of at the moment.  Anyone else got other
methods?

> I already have the configuration you gave me but I am missing all attacks
> from home to home.

It's not a simple one....  Good luck!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users