Suricata config file question


What is the main point of having 4 “$HOME_NET” lines in the config file?

I am assuming that the first one is to use multiple LANs together. In that case, I can eliminate the rest of the lines.

Assuming that I have multiple LANs on my network (which I do), I can separate the $HOME_NET variables by IP. On one line only the networks, on the other only the networks. In this case, I can eliminate the first entry (the one that is merging all the networks).

Am I thinking this right?

Set HOME_NET to match your “internal” system resources with the CIDRs that match your deployment scenario.

There are a few examples listed – but they are commented out with the # character.

If you have multiple networks, start with the example listing multiple CIDRs.
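
To illustrate the reply above, here is an added example (not from the original posts and not either poster's actual file) of the `vars` section of `suricata.yaml` with one active `HOME_NET` entry covering several LANs. The CIDRs are constructed sample values; replace them with your own networks.

```yaml
# suricata.yaml (excerpt). The CIDRs below are constructed sample LANs.
vars:
  address-groups:
    # Exactly one HOME_NET line is active; list every internal network in it.
    HOME_NET: "[192.168.10.0/24,192.168.20.0/24,10.50.0.0/16]"

    # Lines starting with '#' are comments: Suricata ignores them, so the
    # alternative examples can stay in the file or be deleted with no effect.
    #HOME_NET: "[192.168.0.0/16]"
    #HOME_NET: "[10.0.0.0/8]"
    #HOME_NET: "any"

    # Everything that is not HOME_NET. Rules written as
    # "$EXTERNAL_NET any -> $HOME_NET any" depend on both being accurate.
    EXTERNAL_NET: "!$HOME_NET"
```

A `HOME_NET` that is too broad or missing a LAN changes which traffic rules treat as internal, so keep the list in step with the networks you actually monitor.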