[Snort-users] Exclude IP addresses for all rules

Filbert Filbert at ...1187...
Sun Dec 15 07:51:02 EST 2002


Hi,

I want to exclude IP addresses in my home net from being watched at
all.

In my snort.conf I did the following:


# exclude 192.168.1.1 and 192.168.1.2 from being watched
var EXCLUDE 192.168.1.1,192.168.1.2

var HOME_NET [!$EXCLUDE,192.168.1.0/24]


But Snort keeps alerting me on traffic for 192.168.1.1 and 192.168.1.2.
What am I doing wrong?

many tnx

-- 
 Filbert                          mailto:Filbert at ...1187...




