[Snort-users] Snort home net and external net question

waldo kitty wkitty42 at ...14940...
Sat Sep 4 02:38:04 EDT 2010


On 9/3/2010 14:50, Andy Berryman wrote:
> Now that’s just a crazy idea. Why would someone RTFM? Much easier to be lazy and
> ask.
>
> /sarcasm aside
>
> So, if I’m reading it right, I need to do something like this:
>
> HOME_NET [10.215.0.0/16,![10.215.40.0/24]]
>
> EXTERNAL_NET !$HOME_NET
>
> That would include all of the 10.215.x.x as the home net except 10.215.40.x
> would be excluded. So then the external net !$HOME_NET should work. But it doesn’t.

oh wow! that's just too cool! going the opposite way to get to the same 
corner... i like it! too bad it doesn't work as you state :? :(




More information about the Snort-users mailing list