[Snort-users] Exclude IP addresses for all rules
tschenz-snort-users at ...7018...
Mon Dec 16 00:12:03 EST 2002
> I want to exclude IP addresses in my home net from being watched at
As you write 'being watched at all' the best thing to do is to ignore
the IPs via BPF. Have a look at Erek Adams post:
Try starting snort with "snort -options.... not host 192.168.1.1 and not
> var HOME_NET [!$EXCLUDE,192.168.1.0/24]
The problem is, that you have an ORed list in HOME_NET. !192.168.1.1 OR
192.168.1.0/24 matches on all IPs in 192.168.1.0/24.
Have a look at my last week's post at
More information about the Snort-users