[Snort-users] Semantics of ipvar HOME_NET

Research research at ...17107...
Mon Mar 2 16:11:02 EST 2015

ANSWERED - Turns out I didn’t read the comment *DIRECTLY* above that line and the word “home” was confusing me.

The comment is:

	# Setup the network addresses you are protecting


	ipvar HOME_NET

…means provide snort analysis on web server at

On Mar 2, 2015, at 3:15 PM, Research <research at ...17107...> wrote:

> Hello,
> I am currently using snort as an IDS on a web server.
> In /etc/snort/snort.conf when I have the variable “HOME_NET”, I understand that in an inline context, that would be my network block for my internal network (i.e.:   In my context, though, is it correct to set HOME_NET to the IP address of my web server as the IP address is the one I am trying to monitor ?
> Thanks

More information about the Snort-users mailing list