[Snort-users] ipvar EXTERNAL_NET

Peggs Randahl Randahl.Peggs at ...17031...
Tue Nov 18 14:45:06 EST 2014


Most examples I see on the net define HOME_NET in various ways and then define the EXTERNAL_NET as being anything not HOME_NET.

Is it ever appropriate to define both in the opposite way.  For example, specifically define your EXTERNAL_NET as 1 or more external interfaces or internet facing CIDR addresses and then define HOME_NET as being anything that's not EXTERNAL

EXAMPLE:
ipvar EXTERNAL_NET 205.2xx.xx.X
ipvar HOME_NET !$EXTERNAL_NET

Regards,

RJ
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20141118/03439e26/attachment.html>


More information about the Snort-users mailing list