Variables

Three types of variables may be defined in Snort:

• var
• portvar
• ipvar

These are simple substitution variables set with the var, ipvar, or portvar keywords as follows:

    var RULES_PATH rules/
    portvar MY_PORTS [22,80,1024:1050]
    ipvar MY_NET [192.168.1.0/24,10.1.1.0/24]
    alert tcp any any -> $MY_NET $MY_PORTS (flags:S; msg:"SYN packet";)
    include $RULE_PATH/example.rule