Do I have to enter the public IP into the HOME_NET variable?

Question

Do I have to enter the public IP of eth0 as HOME_NET in the suricata.yaml?

vars:
  # more specific is better for alert accuracy and performance
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

My understanding is that only private addresses belong in the variable HOME_NET

score 1 · Accepted Answer · answered Dec 30 '21 at 08:49

1

$HOME_NET is supposed to list the IP addresses of your protected hosts/networks. It doesn't matter if these addresses are private or public.

answered Dec 30 '21 at 08:49

AlexD

1 Answers1