My computer has two LAN sockets on eth0 and eth1. My home network is connected via eth0 and my ADSL router via eth1.

I want Snort to disregard activity on either eth0 or eth1 and to monitor only traffic coming from the Internet where the router's address is 192.168.n.n.

Debian has a DEBIAN_SNORT_HOME_NET variable which should be set to 192.168.n.n/nn. What do I need to set it to to disregard anything coming from 19.168.anything?

I especially don't understand the net mask bit even though I have read a bit about it. Goes over the head I'm afraid.

Barry Samuels http://www.beenthere-donethat.org.uk The Unofficial Guide to Great Britain