SNORT questions: exclude internal IP from SNORT
-
Have a newbie SNORT question. Is it possible to exclude certain internal IP range from SNORT. The SNORT white list seems to only work on external IP.
Reason is I have a few smart TV behind pfsense. Sometime the video source IP will get block by pfsense due to various rules. It is a major PIB to keep on adding whitelist IP because some of the source have large IP range and not always in continuous block.
Thanks in advance
-
bump
-
You just use the alias of the TV on the whitelist…
-
somehow whitelist did not work for me. Eventually I edit the snort conf directly and build up the home_lan var and exclude the IP range. So far so good.