<p dir="ltr">Place it before the divert rule.</p>
<div class="gmail_quote">On Sep 19, 2013 2:25 PM, "Jose Carlos Álvarez" <<a href="mailto:jcalvarezvg@gmail.com">jcalvarezvg@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I have made Suricata work in inline mode in FreeBSD 8, however I would<br>
like to add an exception to the divert rule:<br>
<br>
110 divert 8000 ip from any to any via em0<br>
<br>
How can I exclude the SSH default port (22) from the divert rule above?<br>
<br>
Thank you.<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</blockquote></div>