[Snort-users] simple question

Steve Halligan giermo at ...187...
Mon Oct 7 14:23:04 EDT 2002

Well, you can run snort like this:

snort [your options] host !A.B.C.100


You can add a -o to the command line and make a pass rule like:

pass ip any any -> A.B.C.100 any


you can make your HOME_NET:

var HOME_NET [A.B.C.0/24,!A.B.C.100]

I know the first two work, the third may not, but I think it does.


>though it may sound extremely newbie and extremely simple:
>I have a class A.B.C.0/24 to which I want some snort rules to 
>be applied, 
>EXCEPT one IP from that class, A.B.C.100.
>how do I do that ?
>Login: petre          			Name: Petre Bandac
>Directory: /home/petre              	Shell: /bin/bash
>Office: -, -				Home Phone: -
>On since Mon Oct  7 22:58 (EEST) on tty1   52 minutes 12 seconds idle
>No mail.
>none, for the time being :-)
>This sf.net email is sponsored by:ThinkGeek
>Welcome to geek heaven.
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>Snort-users list archive:

More information about the Snort-users mailing list