Configuration of the IP reputation inspector module
In this section, we will briefly discuss the various configuration parameters associated with the IP reputation inspector. The --help-config command line option is useful for retrieving configuration information for any module. Here, we can see a list of configuration parameters that are relevant to the IP reputation inspector module:
$ snort3 --help-config reputation
string reputation.blocklist: blocklist file name with IP lists
string reputation.list_dir: directory for IP lists and manifest file
int reputation.memcap = 500: maximum total MB of memory allocated { 1:4095 }
enum reputation.nested_ip = 'inner': IP to use when there is IP encapsulation { 'inner|outer|all' }
enum reputation.priority = 'allowlist': defines priority when there is a decision conflict during run-time { 'blocklist|allowlist' }
bool reputation.scan_local = false: inspect local address defined in RFC 1918
enum reputation...
