Hi Christian, I have concerns for some of the changes proposed. More specifically:
- If you want you can specify 'any', to not trust any side of the network. + If you specify 'any', Snort will listen on all available networks. The problem is that the 'snort/address_range' is actually the definition of $HOME_NET. This is the definition of the local network, i.e. the internal network that might be attacked from the outside. Snort uses this information to filter out traffic. Traffic that is destined to other network ranges is filtered out and those are considered "trusted" addresses. This template might better be written as: _Description: Address range for the local network: And remove the above line. Also, the patch changes the template files, but it should change the following files instead: snort.TEMPLATE.templates, snort.DATABASE.templates, snort-mysql.ADD.templates and snort-pgsql.ADD.templates. I think I described how templates are handled in the review, but you have to patch these files and then run 'debian/rules update-templates' All the other changes look OK. Feel free to make the changes as I said above and make the call of translators. Regards Javier
signature.asc
Description: Digital signature
