[Snort-users] Snort.conf variables

Erek Adams erek at ...950...
Tue Nov 11 08:56:13 EST 2003

On Mon, 10 Nov 2003, Remus wrote:

> Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.
> I have a Linux firewall which one runs Snort as well:
> eth0 - external network
> eth1 - local network
> And it has port forwards to web, smtp servers in the local network.
> Now my question is which one variables I have to use for my eth0 and eth1?
> And which one variable I have to use for my web and smtp server:

HOME_NET is what you want to watch.  EXTERNAL_NET is where the attacks
come from...  One way to do it:

	var HOME_NET <my_network>

That means that the external net is everything _but_ the home_net.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list