[Snort-users] What is the difference in using IPVAR and VAR ?

Michael Steele michaels at ...9077...
Thu Aug 18 17:38:30 EDT 2011


Windows 7 is ipv6 and ipv4 enabled on install, and XP is only ipv4. I was
looking at using the same snort.conf between the two installs.

If I have ipv6 and ipv4  enabled, then I would need to compile Snort with
ipv6 and use ipvar?

If I have ipv4 installed I could still use ipvar as long as I have Snort
compiled for ipv6, even though ipv6 was not installed on the box?

It's a little confusing because if I use:

ipvar RULE_PATH d:\winids\snort\rules

I get an error and have to go back to:

var RULE_PATH d:\winids\snort\rules

Kindest regards,
Michael...

-----Original Message-----
From: Mike Lococo [mailto:mikelococo at ...11827...] 
Sent: Thursday, August 18, 2011 4:35 PM
To: Michael Steele
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] What is the difference in using IPVAR and VAR ?

On 08/18/2011 04:00 PM, Michael Steele wrote:
> So if my OS is only ipv4 (Windows XP); as long as I have Snort 
> compiled for
> ipv6 I can use ipvar?

No idea, I don't run Snort on Windows. I speculate that if you can
successfully compile Snort with ipv6 enabled, then you can use ipvar
regardless of what platform you're on.  On the other hand, if you are really
don't care about ipv6, you can just change the ipvars to vars in the config
file.  Except for ipv6 support, they are equivalent and it doesn't matter
which one you use.

If ipv6 is important to you, you MUST you ipvar.
If ipv4 is all you care about, you MAY use either var or ipvar.
If you use ipvar, you MUST compile in ipv6, regardless of whether you care
about or intend to use it.

Cheers,
Mike Lococo

----------------------------------------------------------------------------
--
Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user
administration capabilities and model configuration. Take the hassle out of
deploying and managing Subversion and the tools developers use with it.
http://p.sf.net/sfu/wandisco-d2d-2
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!






More information about the Snort-users mailing list