yaml: move vars to the top

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 74a3b95d9f401ef752530f215b86a1835b4c1978..6d80e603d1a129b6a4966ada6b0804e9b99e306e 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -5,6 +5,42 @@
 # options in this file, full documentation can be found at:
 # https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
 
+##
+## Step 1: inform Suricata about your network
+##
+
+vars:
+  # more specifc is better for alert accuracy and performance
+  address-groups:
+    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
+    #HOME_NET: "[192.168.0.0/16]"
+    #HOME_NET: "[10.0.0.0/8]"
+    #HOME_NET: "[172.16.0.0/12]"
+    #HOME_NET: "any"
+
+    EXTERNAL_NET: "!$HOME_NET"
+    #EXTERNAL_NET: "any"
+
+    HTTP_SERVERS: "$HOME_NET"
+    SMTP_SERVERS: "$HOME_NET"
+    SQL_SERVERS: "$HOME_NET"
+    DNS_SERVERS: "$HOME_NET"
+    TELNET_SERVERS: "$HOME_NET"
+    AIM_SERVERS: "$EXTERNAL_NET"
+    DNP3_SERVER: "$HOME_NET"
+    DNP3_CLIENT: "$HOME_NET"
+    MODBUS_CLIENT: "$HOME_NET"
+    MODBUS_SERVER: "$HOME_NET"
+    ENIP_CLIENT: "$HOME_NET"
+    ENIP_SERVER: "$HOME_NET"
+
+  port-groups:
+    HTTP_PORTS: "80"
+    SHELLCODE_PORTS: "!80"
+    ORACLE_PORTS: 1521
+    SSH_PORTS: 22
+    DNP3_PORTS: 20000
+    MODBUS_PORTS: 502
 
 # Number of packets preallocated per thread. The default is 1024. A higher number 
 # will make sure each CPU will be more easily kept busy, but may negatively 
@@ -1196,57 +1232,6 @@ rule-files:
 classification-file: @e_sysconfdir@classification.config
 reference-config-file: @e_sysconfdir@reference.config
 
-# Holds variables that would be used by the engine.
-vars:
-
-  # Holds the address group vars that would be passed in a Signature.
-  # These would be retrieved during the Signature address parsing stage.
-  address-groups:
-
-    HOME_NET: "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"
-
-    EXTERNAL_NET: "!$HOME_NET"
-
-    HTTP_SERVERS: "$HOME_NET"
-
-    SMTP_SERVERS: "$HOME_NET"
-
-    SQL_SERVERS: "$HOME_NET"
-
-    DNS_SERVERS: "$HOME_NET"
-
-    TELNET_SERVERS: "$HOME_NET"
-
-    AIM_SERVERS: "$EXTERNAL_NET"
-
-    DNP3_SERVER: "$HOME_NET"
-
-    DNP3_CLIENT: "$HOME_NET"
-
-    MODBUS_CLIENT: "$HOME_NET"
-
-    MODBUS_SERVER: "$HOME_NET"
-
-    ENIP_CLIENT: "$HOME_NET"
-
-    ENIP_SERVER: "$HOME_NET"
-
-  # Holds the port group vars that would be passed in a Signature.
-  # These would be retrieved during the Signature port parsing stage.
-  port-groups:
-
-    HTTP_PORTS: "80"
-
-    SHELLCODE_PORTS: "!80"
-
-    ORACLE_PORTS: 1521
-
-    SSH_PORTS: 22
-
-    DNP3_PORTS: 20000
-
-    MODBUS_PORTS: 502
-
 # Set the order of alerts bassed on actions
 # The default order is pass, drop, reject, alert
 # action-order: