Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [$HOME_NET, !192.168.1.222, !192.168.1.223] ? (subnet except specific IPs)

From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 07 Aug 2007 11:27:30 -0400
Yakov Lerner wrote:

Does this do what I'm thinking it would do:
    [$HOME,!192.168.1.222,!192.168.1.223]
, that is, subnet except specific IPs ?


No, that subnets the entire world.

The commas are effectively "OR" statements, so just this part:
[!192.168.1.222,!192.168.1.223] will match any IP address.

Anything that is not 192.168.1.222 OR anything that is not 192.168.1.223.

The first clause will match all IPs except 192.168.1.222, and the second clause
will match  192.168.1.222, among many others. The net result is everything.

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >>  http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: