SNORT questions: exclude internal IP from SNORT
Have a newbie SNORT question. Is it possible to exclude certain internal IP range from SNORT. The SNORT white list seems to only work on external IP.
Reason is I have a few smart TV behind pfsense. Sometime the video source IP will get block by pfsense due to various rules. It is a major PIB to keep on adding whitelist IP because some of the source have large IP range and not always in continuous block.
Thanks in advance
You just use the alias of the TV on the whitelist…
somehow whitelist did not work for me. Eventually I edit the snort conf directly and build up the home_lan var and exclude the IP range. So far so good.