[Snort-users] Snort.conf variables
erek at ...950...
Tue Nov 11 08:56:13 EST 2003
On Mon, 10 Nov 2003, Remus wrote:
> Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.
> I have a Linux firewall which one runs Snort as well:
> eth0 - external network
> eth1 - local network
> And it has port forwards to web, smtp servers in the local network.
> Now my question is which one variables I have to use for my eth0 and eth1?
> And which one variable I have to use for my web and smtp server:
> var SMTP_SERVERS $HOME_NET or EXTERNAL_NET?
HOME_NET is what you want to watch. EXTERNAL_NET is where the attacks
come from... One way to do it:
var HOME_NET <my_network>
var EXTERNAL_NET !$HOME_NET
That means that the external net is everything _but_ the home_net.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users