[Oisf-users] Can I use BPF filter file with suricata?

rmkml rmkml at yahoo.fr
Fri Mar 18 19:53:59 UTC 2011


Hi Carl,
It's possible to reduce your bpf expression like this: 'not (dst host (239.192.57.11 or 172.17.47.27 or 172.17.47.28) and dst port 5405)'
Regards
Rmkml


On Fri, 18 Mar 2011, carlopmart wrote:

> On 03/18/2011 04:52 PM, Victor Julien wrote:
>>>>
>>>> How would this work? A text file with a single expression?
>>>>
>>>
>>> Like for example as snort does. An example:
>>>
>>> not (dst host 239.192.57.11 and dst port 5405) and
>>> not (dst host 172.17.47.27 and dst port 5405) and
>>> not (dst host 172.17.47.28 and dst port 5405)
>>>
>>
>> Cool, can you open a feature request for this on our redmine site?
>> https://redmine.openinfosecfoundation.org/projects/suricata
>>
>> Thanks!
>> Victor
>>
>>
>
> Done it:
>
> https://redmine.openinfosecfoundation.org/issues/277
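
Added example, not part of the original thread: a Python model of the filter logic (it does not compile anything with libpcap) that checks the three-clause filter and the reduced one-line form against each other on constructed sample packets. It also shows what the sensor would see if the outer parentheses were dropped, given that `not` binds tighter than `and` in pcap filter syntax; the host 192.0.2.10, the extra ports and all function names are assumptions made for the illustration.

```python
from itertools import product

# Hosts and port come from the thread's filter; the rest is constructed.
EXCLUDED_HOSTS = {"239.192.57.11", "172.17.47.27", "172.17.47.28"}
EXCLUDED_PORT = 5405
SAMPLE_HOSTS = sorted(EXCLUDED_HOSTS) + ["192.0.2.10"]  # constructed sample host
SAMPLE_PORTS = [5405, 80, 443]                          # constructed sample ports


def original_filter(dst_host, dst_port):
    """Three 'not (dst host H and dst port 5405)' clauses joined with 'and'."""
    return all(not (dst_host == h and dst_port == EXCLUDED_PORT)
               for h in EXCLUDED_HOSTS)


def reduced_filter(dst_host, dst_port):
    """'not (dst host (A or B or C) and dst port 5405)'."""
    return not (dst_host in EXCLUDED_HOSTS and dst_port == EXCLUDED_PORT)


def unparenthesized_filter(dst_host, dst_port):
    """Outer parentheses dropped: 'not' applies to the host test only, giving
    '(not dst host (A or B or C)) and dst port 5405'."""
    return (dst_host not in EXCLUDED_HOSTS) and dst_port == EXCLUDED_PORT


def differences(f, g):
    """Sample packets on which two filters disagree."""
    return [(h, p) for h, p in product(SAMPLE_HOSTS, SAMPLE_PORTS)
            if f(h, p) != g(h, p)]


def captured(f):
    """Sample packets a filter would pass on to the sensor."""
    return [(h, p) for h, p in product(SAMPLE_HOSTS, SAMPLE_PORTS) if f(h, p)]


if __name__ == "__main__":
    total = len(SAMPLE_HOSTS) * len(SAMPLE_PORTS)
    print("original vs reduced:", differences(original_filter, reduced_filter))
    print("seen with reduced filter:", len(captured(reduced_filter)), "of", total)
    print("seen without outer parens:", captured(unparenthesized_filter))
```

The reduced form passes the same packets as the original, while the variant without the outer parentheses passes only port 5405 traffic to other hosts and would leave the sensor blind to everything else.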


