What are Snort HOME_NET and EXTERNAL_NET Variables?! Snort rules rely on variables to know what traffic they should inspect and what to ignore. Each Snort rule has a header where a bunch of variables are defined such as the action to be taken, protocol, source IP, source port, destination IP and destination port. The most important two bits among these variables are the source and destination IP addresses. These two variables define what should be protected and what should not. In Snort language these two variables are called HOME_NET and EXTERNAL_NET. HOME_NET should include all the IP addresses that Firepower should protect which means all our IP addresses whether private or public, but what about the EXTERNAL_NET?! should it be anything else except our protected IP addresses defined in our HOME_NET?! or should it be anything including our HOME_NET?! let’s find out together :).