[Snort-users] excluding ip's from HOME_NET

quentyn at ...3871... quentyn at ...3871...
Tue Nov 5 07:37:10 EST 2002


If I define HOME_NET like so

var HOME_NET [192.168.18.0/24]

how would I define it so that all in the /24 is HOME_NET but 1 ip ( the
GW ) is not ?

ie var HOME_NET [192.168.18.0/24,!192.168.18.1/32]

I want 192.168.18.1/32 to effectively be in external_net ( due to
NATing)



any ideas ?


-- 
#####################
Quentyn Taylor
Sysadmin - Fotango
#####################
"Usenet is like a herd of performing elephants with diarrhea -- massive,
difficult to redirect,
awe-inspiring, entertaining, and a source of mind- boggling amounts of
excrement when you
least expect it." 
   Gene "spaf" Spafford (1992)




More information about the Snort-users mailing list