[Snort-users] FATAL ERROR: /usr/local/etc/snort.conf(45) Unknown rule type: ipvar.
wkitty42 at ...14940...
Mon Aug 15 22:20:46 EDT 2011
On 8/15/2011 21:32, alexus wrote:
> Anything specific ?
> On Aug 15, 2011 8:59 PM, "Joel Esler" <jesler at ...1935...
> <mailto:jesler at ...1935...>> wrote:
> > Sounds like you may need to take a look at our recommended compile options at
> the top of the snort.conf in the etc/ directory.
i believe that joel is referencing the ipv6 compile option which enables ipv6 in
snort... if you do not use ipv6, it should not be necessary to include support
for it, IMHO...
however, one must also note that many are "running scared" of the ipv4 address
depletion stuff and they are not realizing that the ip allocation folk still
have several hundred thousand or more of ipv4 addresses available for
assignment... just because the top dawgs (dogs for those without a southern US
accent) don't have any more to allocate to the top level assigners is not really
a reason to panic as has been seen in recent months... especially when one
understands that RFC1918 addresses can/should be used on internal networks and
only external facing machines really need WAN addresses that all can access...
i'm aware of several large corporations with (ancient nomenclature) class b and
class c address blocks that are assigned to their internal lan machines which
could easily be using RFC1918 addresses instead and that would, amongst other
things, save them some $$$ on the cost of their address blocks ;)
More information about the Snort-users