[Snort-users] Snort home net and external net question

Joel Esler jesler at ...1935...
Fri Sep 3 12:52:44 EDT 2010


On Sep 3, 2010, at 11:01 AM, Andy Berryman wrote:

> If I have my home net of snort set to:
>  
> var HOME_NET [10.215.0.0/16]
>  
> How can I make my external net be !$HOME_NET and 10.215.40.0/24 subnet?
>  

With recent versions of Snort, you can do positives and negatives in the same variable, but the more specific entry needs to come first.

var HOME_NET [10.215.0.0/16]
var EXTERNAL_NET [10.216.40.0/16,!$HOME_NET]

Should work.

Joel

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20100903/4863646b/attachment.html>


More information about the Snort-users mailing list