I have the following pipeline rule (it filters more, but those have been removed to illustrate). My monitor is on the same subnet as some linode hosts with 192.16.0.0/16 addresses, and they are being filtered as expected. Srcip for 172.30 addresses in my AWS VPC, however, are not being filtered.
What am I doing wrong? It should catch 172.16.0.0/12, right?
rule "discard http monitors"
when
has_field("srcip") &&
(
in_private_net("srcip")
)
then
drop_message();
end