[Snort-users] SNORT $INTERNAL $EXTERNAL and $NHOMENET variables

Erick Arturo Perez Huemer eperez at ...637...
Sat Oct 14 18:08:55 EDT 2000


I finally installed snort from a src package. Thanks to Lambert, Goodrum and
Lindenblatt for their help (first time with src RPMs, sorry).

My internal net is 10.x.x.0 and the external interface (internet) is
208.x.x.x.
In the vision.rules I use $INTERNAL (10.x.x.0) and $EXTERNAL (208.x.x.x) for
that ruleset.
In the lastes snort ruleset 10102k.rules there is a variable called
$HOME_NET which i defined as the 208.x.x.x. network.

According with the vision ruleset will my snort process traffic going from
the external interface IP to the internal (10.x) only? What about the
address of the internet itself? How do I define the variables to allow snort
match the internet traffic against my 208.x.x.x IP ?

and according to 10102k ruleset the variable $HOME_NET will work as
expected, right?

Snort is listening on the external (internet) interface.

Erick A. Perez H.




More information about the Snort-users mailing list