[Snort-users] snort.conf & commandline.

Rich Adamson radamson at ...2127...
Mon Jul 8 07:09:08 EDT 2002


> > > var HOME_NET any
> > > var EXTERNAL_NET $HOME_NET
> > Command line options will override setup variables in snort.conf.
> Or is the config file parsed (HOME_NET=any, EXTERNAL_NET=any) and then 
> the command line (HOME_NET=192.168.1.34/32, EXTERNAL_NET=192.168.1.34/32)
> 
> Reason why I ask this is, I released snort 1.8.6 as a Debian package
> recently and found that EXTERNAL_NET has $HOME_NET as value, and was
> wondering what the impact of redefining the HOME_NET variable during
> snort-startup would be on EXTERNAL_NET. 
> 
> I hope the above clarifies what I try to find out :)

My guess based on your comments is you probably want an equal sign
in the var External_Net definition. Something like:
  var EXTERNAL_NET = $HOME_NET,  or,
  var EXTERNAL_NET != $HOME_NET

If I've understood what you're trying to accomplish, the Home_Net should
describe the IP addresses that you are trying to protect (or observe), 
and the External_Net is everything else (eg, !=).







More information about the Snort-users mailing list