Re: Variable

[Erek Adams <erek () theadamsfamily net>]

[I'm out of coffee and I'm pissed, so someone correct me if need be.]

On Wed, 22 Aug 2001 john.ruff () us abb com wrote:

> If I want my $HOME_NET variable to be any address except one specific address
> could I use a declaration like so:
>
> 1 statement solution
> var HOME_NET ![192.168.1.10/24]

Nope.

> OR
>
> 2 statement solution
> var HOME_NET [192.168.1.10/24]
> var HOME_NET !$HOME_NET

Nope.

> OR would I have to declare the variable as :
>
> var HOME_NET [192.168.1.10/24]

Nope.

> then in my rules files implement each rule as:
>
> $EXTERNAL_NET any -> !$HOME_NET any

a /24 is an entire class C block.  You want a /32 which is one host.

I _think_ it would be:

var HOME_NET [192.168.1.0/24,!192.168.1.1]

But, I've got no coffee, so I won't say it's gonna work.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users