RE: Variables and Negation

["Schmehl, Paul L" <pauls () utdallas edu>]

Wouldn't $HTTP_SERVERS [!192.168.2.2/32] do the trick?  That excludes
the proxy only, which would by default include all the other hosts
defined in $HOME_NET since $HTTP_SERVERS is always used on the
destination side of a rule.  IOW, I think you're making this more
complex than it needs to be.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/



-----Original Message-----
From: Jason Luke [mailto:jluke () truarx com] 
Sent: Monday, March 17, 2003 1:48 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Variables and Negation


I cannot seem to get it right and didn't find a definitive answer on the
list. I have a variable $HOME_NET 192.168.0.0/16 I want to set
$HTTP_SERVERS to $HOME_NET except for 192.168.2.2, my  proxy. Can I do:
$HTTP_SERVERS [$HOME_NET, !192.168.2.2/32] ??

Is there a better way to exclude only one IP?


-------------------------------------------------------
This SF.net email is sponsored by:Crypto Challenge is now open!
Get cracking and register here for some mind boggling fun and
the chance of winning an Apple iPod:
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0031en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users