[Oisf-users] address-group syntax
Andreas Herz
andi at geekosphere.org
Tue Feb 7 20:59:52 UTC 2017
On 06/02/17 at 11:27, Michael Stone wrote:
> Is the syntax for address-groups (e.g., HOME_NET) fully described anywhere?
> There are config file examples that suggest some syntax, but there's also a
> todo note in detect-engine-address.c that suggests that certain forms won't
> work properly (e.g., I think, setting HOME_NET to [!10.0.0.0/8] and
> EXTERNAL_NET to !HOME_NET / ![!10.0.0.0/8] ?) It's certainly possible to
> experiment, but it would be nice to know what is supposed to work and what
> isn't.
Does this part of the doc help you out?
http://suricata.readthedocs.io/en/latest/rules/intro.html#source-and-destination
--
Andreas Herz