Do I have to enter the public IP into the HOME_NET variable?

suricata

Do I have to enter the public IP of eth0 as HOME_NET in the suricata.yaml?

vars:
  # more specific is better for alert accuracy and performance
  address-groups:
    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"

My understanding is that only private addresses belong in the variable HOME_NET


$HOME_NET is supposed to list the IP addresses of your protected hosts/networks. It doesn't matter if these addresses are private or public.

Related

lvmcache/dm-cache writeback cache full performance
Dynamic Google hosted DNS zone update by DHCP
Do not recursion DNS queries
Postfix header_checks add X-Mailgun-Tag
Return a specific/200 status code for a particular URL prefix in Haproxy
Redirect All emails to
Length of the side of a similar triangle
Find :$\frac{A1}{A}−\frac{A}{A2}$ in the triangle below
Homotopy extension property of a pushout - converse statement
Product of paracompact and compact spaces [duplicate]
Computing the expected size of the largest connected component in a "hitomezashi graph" (described in the question body)
Rationalize $\frac{1}{t^\frac12+t^\frac32}$