Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort.conf variables

From: Erek Adams <erek () snort org>
Date: Tue, 11 Nov 2003 11:55:32 -0500 (EST)
On Mon, 10 Nov 2003, Remus wrote:


Just my small confusion regarding HOME_NET and EXTERNAL_NET variables.

I have a Linux firewall which one runs Snort as well:

eth0 - external network
eth1 - local network

And it has port forwards to web, smtp servers in the local network.

Now my question is which one variables I have to use for my eth0 and eth1?

And which one variable I have to use for my web and smtp server:
var SMTP_SERVERS $HOME_NET or EXTERNAL_NET?


HOME_NET is what you want to watch.  EXTERNAL_NET is where the attacks
come from...  One way to do it:

        var HOME_NET <my_network>
        var EXTERNAL_NET !$HOME_NET

That means that the external net is everything _but_ the home_net.

Cheers!


-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: ApacheCon 2003,
16-19 November in Las Vegas. Learn firsthand the latest
developments in Apache, PHP, Perl, XML, Java, MySQL,
WebDAV, and more! http://www.apachecon.com/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: