[Snort-users] snort.conf & commandline.
radamson at ...2127...
Mon Jul 8 07:09:08 EDT 2002
> > > var HOME_NET any
> > > var EXTERNAL_NET $HOME_NET
> > Command line options will override setup variables in snort.conf.
> Or is the config file parsed (HOME_NET=any, EXTERNAL_NET=any) and then
> the command line (HOME_NET=192.168.1.34/32, EXTERNAL_NET=192.168.1.34/32)
> Reason why I ask this is, I released snort 1.8.6 as a Debian package
> recently and found that EXTERNAL_NET has $HOME_NET as value, and was
> wondering what the impact of redefining the HOME_NET variable during
> snort-startup would be on EXTERNAL_NET.
> I hope the above clarifies what I try to find out :)
My guess based on your comments is you probably want an equal sign
in the var External_Net definition. Something like:
var EXTERNAL_NET = $HOME_NET, or,
var EXTERNAL_NET != $HOME_NET
If I've understood what you're trying to accomplish, the Home_Net should
describe the IP addresses that you are trying to protect (or observe),
and the External_Net is everything else (eg, !=).
More information about the Snort-users