Snort mailing list archives
Re: Excluding a single IP from HOME_NET
From: Cees <celzinga () gmail com>
Date: Fri, 30 May 2008 16:59:41 +0200
Didn't know about the "-o" flag, but that won't work after in my setup - I'm interested in traffic to and from the proxy server.
If however we want proxy to *not be part of external_net* then we can do
this:
var EXTERNAL_NET !10.0.0.0/8
Thanks for testing. The proxy should be excluded from HOME_NET, but included in EXTERNAL_NET, so this won't work either.. Cees On Fri, May 30, 2008 at 3:03 PM, Jeff Kell <jeff-kell () utc edu> wrote:
Cees wrote:(BTW Jeff, a pass rule won't work since the IDS isn't placed inline.)If you use the pass rule, and run snort with "-o" so pass rules come first, the net effect is that your excluded IP matches the pass rule and no further rules are evaluated on that packet. Doesn't matter if you're inline or not. Jeff
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Excluding a single IP from HOME_NET Cees (May 29)
- Re: Excluding a single IP from HOME_NET Jeff Kell (May 29)
- Re: Excluding a single IP from HOME_NET Todd Wease (May 29)
- Re: Excluding a single IP from HOME_NET Cees (May 30)
- Re: Excluding a single IP from HOME_NET Jack Pepper (May 30)
- Re: Excluding a single IP from HOME_NET Jeff Kell (May 30)
- Re: Excluding a single IP from HOME_NET Cees (May 30)
- Re: Excluding a single IP from HOME_NET Jack Pepper (May 30)
- Message not available
- Re: Excluding a single IP from HOME_NET Cees (Jun 06)
- Re: Excluding a single IP from HOME_NET Cees (May 30)