Posted by user8446 on Mar 08, 2016; 1:23am
URL: https://itus.accessinnov.com/Snort-rules-info-tp221p334.html

Gnomad wrote

Since I'm in Router mode, I'm considering making the edit

ipvar HOME_NET [192.168.100.0/24,10.1.1.0/24,10.10.10.0/24]

 where 192.168 is the subnet of my modem, 10.1.1 is my access point (wifi router), and 10.10.10.10 is of course the Shield.

Similarly then, I should be able to change

ipvar EXTERNAL_NET any

 to

ipvar EXTERNAL_NET !$HOME_NET

Any issues anyone can spot?
Should I be treating the modem subnet as external too?

On the external it wouldn't break anything but it wouldn't achieve anything either. That would just exclude your IP's on external that you put into the home. Since your LAN isn't on the internet and hidden behind NAT, it would be the same as any.