Snort mailing list archives
Re: ipvar EXTERNAL_NET
From: Edwin Smulders <edwin.smulders () northwave nl>
Date: Tue, 18 Nov 2014 20:50:12 +0100
I don't believe it is. The way I understand it, HOME_NET is the space you are protecting. EXTERNAL_NET is the world wide web. Many rules depend on this direction being right. If you write your own rules, it matters less, ofcourse. On 18 November 2014 20:45, Peggs Randahl <Randahl.Peggs () gemalto com> wrote:
Most examples I see on the net define HOME_NET in various ways and then define the EXTERNAL_NET as being anything not HOME_NET. Is it ever appropriate to define both in the opposite way. For example, specifically define your EXTERNAL_NET as 1 or more external interfaces or internet facing CIDR addresses and then define HOME_NET as being anything that’s not EXTERNAL EXAMPLE: ipvar EXTERNAL_NET 205.2xx.xx.X ipvar HOME_NET !$EXTERNAL_NET Regards, RJ ------------------------------ This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited. E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender. Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus. ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- ipvar EXTERNAL_NET Peggs Randahl (Nov 18)
- Re: ipvar EXTERNAL_NET Edwin Smulders (Nov 18)
- Re: ipvar EXTERNAL_NET Iain Lorimer (Nov 19)
- Re: ipvar EXTERNAL_NET Edwin Smulders (Nov 18)