[Snort-users] rules

Matt Kettler mkettler at ...4108...
Wed Apr 28 13:12:10 EDT 2004


At 12:08 PM 4/28/2004, Macaluso Aldo wrote:
>i downloaded the rules from snort www.
>I have a rules for snmp that matches more time "snmp pubblic access udp"
>I would like to write a rule (in another file) that pass this one if the
>source address is my home network, but alert for External network.

Question:

Why not just write the first rule to use EXTERNAL_NET as a source, and 
define EXTERNAL_NET to be !$HOME_NET instead of "any".






More information about the Snort-users mailing list