[Snort-users] External Subnets

adam_peterson at ...10608... adam_peterson at ...10608...
Tue Nov 25 16:11:03 EST 2003


Is it possible to specify a negative variable value for a variable? 
Meaning:

var EXTERNAL_NET        !HOME_NET

The bang is just an idea of something that would negate the value so that 
my external_net variable would be any ip/subnet that isn't part of the 
home_net variable.  Is there anything in place to allow for this?  Could 
there be?  Since so many of the rules are based on the external_net 
variable, it's very frustrating that it must be set to ANY for my 
configurations because I can't specifiy every subnet on the Internet...or 
can I?

Any help/advice is greatly appreciated.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson at ...10608...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20031125/12e310ac/attachment.html>


More information about the Snort-users mailing list