[Oisf-users] limit alerting to outbound vs inbound?

Dewhirst, Rob robdewhirst at gmail.com
Fri Oct 28 19:42:26 UTC 2011


Is there a way I can have suricata NOT alert when certain rules
(especially the DROP, COMPROMISED sets) are tripped for inbound
connections?  For some of my public systems I don't care if known bad
hosts are contacting them, but I most certainly want to know if they
make connections *out* to those systems.



More information about the Oisf-users mailing list