[Oisf-users] Include a file in configuration

Jason Ish lists at unx.ca
Tue Jun 24 19:35:47 UTC 2014


On Tue, Jun 24, 2014 at 12:17 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> The command line option might work. Is there a limit on how long the variable
> can be when passed with the command line option?
>
> Or maybe there is another solution to my original problem. This variable
> contains a list of IPs. My goal is to avoid any alerts for these IPs since
> they get blocked completely by something else but Suricata still sees this
> traffic. So I've created a variable and set my external net to be !home_net
> and !myvariable. This way traffic from these IPs is treated as home traffic
> and no alerts get triggered.
>
> If there is another way of doing this exclusion, I am open to
> suggestions.

BPF filter? Or perhaps some pass rules? The pass rule could match on
the specific IPs, preventing them from alerting.
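
Both suggestions from the reply above, generated from one address list. This is an added example, not part of the original thread or of Suricata itself. The addresses are constructed documentation ranges, and the SID range and msg text are assumptions.

```python
import ipaddress

# Constructed sample list (documentation ranges) standing in for the
# poster's variable of externally blocked addresses.
BLOCKED = ["192.0.2.10", "198.51.100.0/24", "2001:db8::/32"]


def parse_networks(entries):
    """Validate entries (ValueError on bad input); merge overlaps, v4 first."""
    nets = [ipaddress.ip_network(e.strip(), strict=False)
            for e in entries if e.strip()]
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return list(v4) + list(v6)


def bpf_filter(entries):
    """Capture filter: the listed hosts never reach the detection engine."""
    terms = [f"host {n.network_address}" if n.num_addresses == 1 else f"net {n}"
             for n in parse_networks(entries)]
    return "not (" + " or ".join(terms) + ")" if terms else ""


def pass_rules(entries, base_sid=1000001, chunk=50):
    """Pass rules: traffic is still captured, but matches are not alerted on.

    base_sid and the msg text are assumptions; use a free local SID range.
    """
    nets = parse_networks(entries)
    rules = []
    for version in (4, 6):  # keep address families in separate rules
        fam = [str(n) for n in nets if n.version == version]
        for i in range(0, len(fam), chunk):
            group = ",".join(fam[i:i + chunk])
            rules.append(
                f"pass ip [{group}] any <> any any "
                f'(msg:"pass externally blocked hosts"; '
                f"sid:{base_sid + len(rules)}; rev:1;)")
    return rules


if __name__ == "__main__":
    print(bpf_filter(BLOCKED))
    print("\n".join(pass_rules(BLOCKED)))
```

The BPF form removes the traffic from inspection and logging entirely, while the pass rules only suppress alerts, so the choice depends on whether flow records for those hosts are still wanted.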


