[Snort-devel] Re: [Snort-users] what to do with dynamic ip hosts

Fyodor fygrave at ...1...
Mon Oct 2 00:50:47 EDT 2000

~ :Hello,
~ : I am going to run snort on my firewall that is hooked up to a cable
~ :connection. I am trying to use the rule set you can create on the web page. But
~ :it needs the ip of the computer it is on. My ip changes due to the dhcp lease.
~ :Is there a way to have it listen to interface eth0 instead of the ip address of
~ :eth0?
~ :

What I think you mean it to set IP address of eth0 to $HOMENET variable 
instead of giving address explictly, right?

On the moment we dont support this feature, but there were a couple of
scripts posted to the list while ago, which allow you to run snort when
your IP address changes dinamically.

However I was thinking here, we can retrive ip address and netmask of the
interface, which you run snort on, during startup (I don't see if there's
any way to detect interface IP address change during runtime), so what I
think we can do is introducing some global variable
(INTERFACE_ADDRESS?) which would be initialized to an IP address and
netmask at startup time, so you could put something like:


into your snort-lib file.. Any thoughts? 

More information about the Snort-devel mailing list