Snort mailing list archives
Re: Exclude one IP
From: Joel Esler <joel.esler () sourcefire com>
Date: Tue, 1 Nov 2005 13:20:17 -0500
Matt, Thanks for your email, however, var HOME_NET [10.1.10.0/24,!10.1.10.24] var EXTERNAL_NET !$HOME_NETWill make HOME_NET everything in that range the HOME_NET except for that one machine, then makes EXTERNAL_NET everything else including that one machine.
If you wanted to, you could put the 10.1.10.24 IP in EXTERNAL_NET along with [!$HOME_NET]
Joel On Nov 1, 2005, at 12:03 PM, Matt Kettler wrote:
Joel Esler wrote:If you want to totally exclude it from analyzation, use a BPF filter atthe command line, "not host 10.1.10.24" If you want to exclude it from the HOME_NET var HOME_NET [10.1.10.0/24,!10.1.10.24] That should work for you..No.. That won't work.. that will resolve to match all IPs.That effectively reads as "If it is in 10.1.10.0/24 OR it is not 10.1.10.24,then it is a member of HOME_NET"
Current thread:
- Exclude one IP John Friedman (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
- Re: Exclude one IP Matt Kettler (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
- Re: Exclude one IP Paul Schmehl (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
- Re: Exclude one IP Matt Kettler (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)
- Re: Exclude one IP Matt Kettler (Nov 01)
- RE: Exclude one IP Paul Melson (Nov 02)
- Re: Exclude one IP Joel Esler (Nov 02)
- Re: Exclude one IP Matt Kettler (Nov 01)
- Re: Exclude one IP Joel Esler (Nov 01)