[Snort-users] Snort.conf variables

Erek Adams erek at ...950...
Tue Nov 11 08:56:13 EST 2003


On Mon, 10 Nov 2003, Remus wrote:

> Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.
>
> I have a Linux firewall which one runs Snort as well:
>
> eth0 - external network
> eth1 - local network
>
> And it has port forwards to web, smtp servers in the local network.
>
> Now my question is which one variables I have to use for my eth0 and eth1?
>
> And which one variable I have to use for my web and smtp server:
> var SMTP_SERVERS $HOME_NET or EXTERNAL_NET?

HOME_NET is what you want to watch.  EXTERNAL_NET is where the attacks
come from...  One way to do it:

	var HOME_NET <my_network>
	var EXTERNAL_NET !$HOME_NET

That means that the external net is everything _but_ the home_net.

Cheers!


-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list