Posted by user8446 on Mar 08, 2016; 1:34am
URL: https://itus.accessinnov.com/Snort-rules-info-tp221p335.html

Roadrunnere42 wrote

Hi
I tried
ipvar EXTERNAL_NET !$HOME_NET

but shield refused to connect to internet so I put in  the ip of router instead all worked, but i'm not sure if this is correct

ipvar EXTERNAL_NET 192.168.0.1

roadrunnere42

It didn't work because that syntax would cancel itself out. It's saying external IP's can be anything BUT what is listed in home_net which is ANY. You would need to have something listed in home_net. Also, you basically disabled your rules where you put in your internal IP for your external. You want that to be ANY.