Exclude HOME_NET from EXTERNAL_NET

[YvesEutelsat]

Version

2.4.70

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

airgap

Hardware Specs

Exceeds minimum requirements

CPU

16

RAM

128G

Storage for /

1T

Storage for /nsm

350M

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

No, there are no failures

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

Good day,

I would like to know what needs to be written in WebInterface Administration - Configuration - Suricata - config - vars - address-group - EXTERNAL_NET to exclude the HOME_NET.

I did tried, !$HOME_NET but it seems the only input has to be numerical values (IP addresses). I did some online research, read the documentation but everything I found was !$HOME_NET but it does not work.

Any assistance would be much appreciated

Thanks

Guidelines

• I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.

[TOoSmOotH]

This is a known bug.

You can apply the changes manually of wait until 2.4.80 for the fix: https://github.com/Security-Onion-Solutions/securityonion/pull/13156/files

[YvesEutelsat]

Thanks, how to I manually enter the HOME_NET Ip address to be excluded.

I did try this below
!x.x.x.x
![x.x.x.x]

no success.

Your assistance is much appreciated

[TOoSmOotH]

Did you apply the fix manually?

[YvesEutelsat]

I did not apply the fix manually.