[Snort-users] Snort home net and external net question

waldo kitty wkitty42 at ...14940...
Sat Sep 4 02:36:20 EDT 2010


On 9/3/2010 14:25, Jason Wallace wrote:
> That error is because the /16 contains the /24 (bigger = more general)

that says that the reason someone else posted it should be capable is why it is 
not capable... seems like some backward logic may be in place with this 
particular need...

>
> You can do ... [10.1.0.0/16, ![10.1.1.0/24]]
>
> But you can not do ... [10.1.1.0/24,![10.1.0.0/16]]
>
> Also, order does not matter.

that's good to hear...

>
>
> pp. 20-21 Snort Manual

which snort manual? specifically, which version? there are many subtle changes 
that may not be apparent between versions... even worse is when VRT doesn't go 
back and correct older documentation :? :(




More information about the Snort-users mailing list