Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: External Subnets

From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 25 Nov 2003 19:43:25 -0500
At 07:10 PM 11/25/2003, adam_peterson () splwg com wrote:

 it possible to specify a negative variable value for a variable?  Meaning:

var EXTERNAL_NET        !HOME_NET
The bang is just an idea of something that would negate the value so that my external_net variable would be any ip/subnet that isn't part of the home_net variable. Is there anything in place to allow for this? Could there be? Since so many of the rules are based on the external_net variable, it's very frustrating that it must be set to ANY for my configurations because I can't specifiy every subnet on the Internet...or can I? 

Yes, you can do that.. lots of people use that exact setting.

1) make sure HOME_NET has proper braces around it if it's multiple IP ranges.
2) make sure HOME_NET isn't "any".. because !any is nothing.




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: