Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FATAL ERROR: !any is not allowed in EXTERNAL_NET

    Scheduled Pinned Locked Moved IDS/IPS
    2 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      gc75
      last edited by

      Hello all,

      I'm having this problem with the latest snort update:

      Jun 10 15:01:32 php-fpm 3909 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 3825 -D -l /var/log/snort/snort_re03825 –pid-path /var/run --nolock-pidfile -G 3825 -c /usr/local/etc/snort/snort_3825_re0/snort.conf -i re0' returned exit code '1', the output was ''

      Jun 10 15:01:32 snort 17998 FATAL ERROR: /usr/local/etc/snort/snort_3825_re0/snort.conf(6) !any is not allowed in EXTERNAL_NET.

      Who helps me?

      
# Define Local Network #
ipvar HOME_NET [0.0.0.0,8.8.4.4,8.8.8.8,127.0.0.1,192.168.1.1,192.168.1.99/24,192.168.1.100,192.168.2.0/24,192.168.3.0/24,::1,fe80::1:1,fe80::20d:b9ff:fe3c:b614,fe80::20d:b9ff:fe3c:b615,fe80::f6f2:6dff:fe7e:a976]
ipvar EXTERNAL_NET [!0.0.0.0,!8.8.4.4,!8.8.8.8,!127.0.0.1,!192.168.1.1,!192.168.1.99/24,!192.168.1.100,!192.168.2.0/24,!192.168.3.0/24,!::1,!fe80::1:1,!fe80::20d:b9ff:fe3c:b614,!fe80::20d:b9ff:fe3c:b615,!fe80::f6f2:6dff:fe7e:a976]
      1 Reply Last reply Reply Quote 0
      • bmeeksB
        bmeeks
        last edited by

        @gc75:

        Hello all,

        I'm having this problem with the latest snort update:

        Jun 10 15:01:32 php-fpm 3909 /snort/snort_interfaces.php: The command '/usr/local/bin/snort -R 3825 -D -l /var/log/snort/snort_re03825 –pid-path /var/run --nolock-pidfile -G 3825 -c /usr/local/etc/snort/snort_3825_re0/snort.conf -i re0' returned exit code '1', the output was ''

        Jun 10 15:01:32 snort 17998 FATAL ERROR: /usr/local/etc/snort/snort_3825_re0/snort.conf(6) !any is not allowed in EXTERNAL_NET.

        Who helps me?

        
# Define Local Network #
ipvar HOME_NET [0.0.0.0,8.8.4.4,8.8.8.8,127.0.0.1,192.168.1.1,192.168.1.99/24,192.168.1.100,192.168.2.0/24,192.168.3.0/24,::1,fe80::1:1,fe80::20d:b9ff:fe3c:b614,fe80::20d:b9ff:fe3c:b615,fe80::f6f2:6dff:fe7e:a976]
ipvar EXTERNAL_NET [!0.0.0.0,!8.8.4.4,!8.8.8.8,!127.0.0.1,!192.168.1.1,!192.168.1.99/24,!192.168.1.100,!192.168.2.0/24,!192.168.3.0/24,!::1,!fe80::1:1,!fe80::20d:b9ff:fe3c:b614,!fe80::20d:b9ff:fe3c:b615,!fe80::f6f2:6dff:fe7e:a976]

        Something in your setup is returning a null address.  The problem entry is "!0.0.0.0" in the EXTERNAL_NET declaration.  That is coming from some interface, DNS server, VPN or VIP.

        Bill

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.