Snort mailing list archives

RE: Home and External networks

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Mon, 24 Feb 2003 15:55:53 -0500

You shouldn't need (but it shouldn't hurt) the set of brackets around the
network address, as you're only using one network address.  So: 

    var HOME_NET 10.0.0.0/8
    var EXTERNAL_NET !$HOME_NET

will work, or just: 

    var $EXTERNAL_NET !10.0.0.0/8

Cheers! 
- Christopher


-----Original Message-----
To: snort-users () lists sourceforge net
From: fred.hinchcliffe () us datex-ohmeda com
Date: Mon, 24 Feb 2003 11:11:56 -0600
Subject: [Snort-users] Home and External networks

When defining the network definitions in snort.conf, does anyone know if
the following syntax would be usable.

var $EXTERNAL_NET ![10.0.0.0/8]

I am trying to say everything but 10.0.0.0/8 is an external network like
when configuring an actual alert rule.


Thanks,

Fred

Current thread:

Home and External networks fred . hinchcliffe (Feb 24)
- <Possible follow-ups>
- Re: Home and External networks pro0digy (Feb 24)
- RE: Home and External networks L. Christopher Luther (Feb 24)