[Snort-users] Home_Net woes
erek at ...577...
Wed Sep 18 13:15:02 EDT 2002
On Wed, 18 Sep 2002, Jim Overholser wrote:
> I'm in the thick of configuring a snort box. I'm getting all of my local
> traffic, even though I think I have the HOME_NET variable set properly.
> Var HOME_NET [18.104.22.168/24,10.100.1.0/24]
> Is this incorrect? Two subnets.
I honestly thing you have your EXTERNAL_NET set incorrectly. IMHO, the best
setting for it is:
var EXTERNAL_NET !$HOME_NET
That will ignore all traffic coming from your HOME_NET in the rules.
More information about the Snort-users