Snort mailing list archives

arachnids ids updater script


From: "Kevin Brown "usedcomputersales.net"" <isp () dotgonepc com>
Date: Sat, 21 Dec 2002 23:08:12 -0800

So I am using Smoothwall firewall 1.0, but with serious virus.rules IDS lacking.
So I went to whitehats.com and got their arachnids updater.40.tar.gz, and ran it on
my Linux box. I then used scp to the Smoothwall and overwrote the old virus.rules.
My question is this:
Does the IDS take into consideration any internal-external IP addresses?
I think automation is great and want to write rules myself, but how does my IDS look
from outside using a generic set of rules?
Here is an example:
alert TCP $EXTERNAL any -> $INTERNAL 1080 (msg: "IDS481/misc_socks-overflow-x86linux"; flags: A+; content: "|eb29 5e 897630 89f0 83c008 894634|";)
This is IDS 481, which says: any TCP packet from external to internal (meaning my DHCP
cable modem to my internal 192.168.X.X NIC) on port 1080 with content of blah, send
alert.
Does Snort know the internal and external NICs by name and IP?
Kevin Brown


