Thu Nov 23 16:36:19 EST 2017
"You may also specify lists of IP addresses. An IP list is specified
by enclosing a comma separated list of IP addresses and CIDR blocks
within square brackets. For the time being, the IP list may not include
spaces between the addresses. See Figure 2.5 for
an example of an IP list in action."
Now, what does this mean EXACTLY? With the complex negation rules, how can I include an IP address that's already been excluded or vice versa? Is there a way?? From what Florent is saying, the IP list variables can either be a strict exclude OR include - it can't incorporate both...! Feature request maybe? Probably PEBCAK ... either way, does anyone know the answer?
More information about the Snort-users