[Oisf-users] feedback packet filtering

Theodore Elhourani theodore.elhourani at gmail.com
Wed Jul 17 22:26:38 UTC 2013


Does Suricata have any mechanism for filtering packets at the kernel level
(iptables), at runtime?

Let's say a drop was triggered from IP-only module, and all subsequent
packets in the stream were automatically dropped. Now, is there a mechanism
to insert iptables rules for filtering out future packets of the same type?

The same idea may apply to the case of whitelisted traffic. If we know the
signature of benign traffic, then we may in certain cases allow the traffic
to bypass suricata via iptables rules.

It would be nice to have this kind of functionality, as it can help reduce the
cost of packet acquisition.

Thanks, Ted
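The thread leaves the question open. As an added sketch that is not Suricata's own code and not a feature this post confirms, the script below reads Suricata eve.json records (assumed format: "drop" events, or "alert" events whose action is "blocked"), deduplicates them by source/protocol/port, refuses to block an assumed never-block network so a spoofed source cannot turn the automation against our own address space, and builds the iptables argv that would drop further packets of the same kind. The sample log lines are constructed.

```python
import ipaddress
import json

# Constructed sample Suricata eve.json lines (not from a real sensor).
SAMPLE_EVE = """
{"timestamp":"2013-07-17T22:20:01.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"198.51.100.10","proto":"TCP","dest_port":22,"alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE ip-only drop"}}
{"timestamp":"2013-07-17T22:20:02.000000+0000","event_type":"alert","src_ip":"203.0.113.7","dest_ip":"198.51.100.10","proto":"TCP","dest_port":22,"alert":{"action":"blocked","signature_id":1000001,"signature":"EXAMPLE ip-only drop"}}
{"timestamp":"2013-07-17T22:20:03.000000+0000","event_type":"alert","src_ip":"203.0.113.9","dest_ip":"198.51.100.10","proto":"TCP","dest_port":80,"alert":{"action":"allowed","signature_id":1000002,"signature":"EXAMPLE informational"}}
{"timestamp":"2013-07-17T22:20:04.000000+0000","event_type":"drop","src_ip":"10.0.0.5","dest_ip":"198.51.100.10","proto":"UDP","dest_port":53}
{"timestamp":"2013-07-17T22:20:05.000000+0000","event_type":"flow","src_ip":"203.0.113.20","dest_ip":"198.51.100.10","proto":"TCP"}
"""

# Assumption: address space that must never be blocked automatically (own infrastructure),
# so an alert carrying a spoofed source cannot be used to make us drop legitimate traffic.
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8")]

def is_drop(ev):
    """True for an eve.json 'drop' record or an alert whose action was 'blocked'."""
    if ev.get("event_type") == "drop":
        return True
    return ev.get("event_type") == "alert" and ev.get("alert", {}).get("action") == "blocked"

def rule_for(ev):
    """Build the iptables argv that drops further packets from the same source/proto/dport."""
    argv = ["iptables", "-I", "INPUT", "-s", ev["src_ip"], "-p", ev["proto"].lower()]
    if "dest_port" in ev:
        argv += ["--dport", str(ev["dest_port"])]
    sid = ev.get("alert", {}).get("signature_id", "drop")
    return argv + ["-m", "comment", "--comment", f"suricata-sid-{sid}", "-j", "DROP"]

def plan_rules(eve_text, never_block=NEVER_BLOCK):
    """Return (rules, skipped): one argv per unique (src_ip, proto, dest_port) seen in drop events."""
    seen, rules, skipped = set(), [], []
    for line in eve_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if not is_drop(ev):
            continue
        key = (ev["src_ip"], ev["proto"], ev.get("dest_port"))
        if key in seen:  # the same source/proto/port already has a rule planned
            continue
        seen.add(key)
        if any(ipaddress.ip_address(ev["src_ip"]) in net for net in never_block):
            skipped.append(key)  # report it instead of blocking our own address space
            continue
        rules.append(rule_for(ev))
    return rules, skipped
```

`plan_rules(SAMPLE_EVE)` yields a single rule for 203.0.113.7/tcp/22 and reports the 10.0.0.5 event as skipped; in practice the argv would be handed to `subprocess.run` with a rule expiry, since rules inserted this way otherwise accumulate forever.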