[Oisf-users] Include a file in configuration
Jason Ish
lists at unx.ca
Tue Jun 24 19:35:47 UTC 2014
On Tue, Jun 24, 2014 at 12:17 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> The command line option might work. Is there a limit on how long the variable
> can be when passed with the command line option?
>
> Or maybe there is another solution to my original problem. This variable
> contains a list of IPs. My goal is to avoid any alerts for these IPs since
> they get blocked completely by something else but Suricata still sees this
> traffic. So I've created a variable and set my external net to be !home_net
> and !myvariable. This way traffic from these IPs is treated as home traffic
> and no alerts get triggered.
>
> If there is another way of doing this exclusion, I welcome
> suggestions.
BPF filter? Or perhaps some pass rules? The pass rule could match on
the specific IPs, preventing them from alerting.
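
Added example, not part of the original message: a small Python helper that turns an IP list into the two options suggested above, a Suricata pass rule and a BPF exclusion expression. The sample addresses, the sid value and the function names are constructed for illustration, and the list is assumed to be IPv4 only.

```python
import ipaddress

# Constructed sample list (documentation address ranges), not from the thread.
SAMPLE = ["192.0.2.10", "192.0.2.10", "# blocked upstream",
          "198.51.100.5/24", " 203.0.113.7 "]

def normalize(entries):
    """Validate IPv4 hosts/CIDRs, skip blanks and comments, merge duplicates."""
    cleaned = [e.strip() for e in entries]
    nets = [ipaddress.IPv4Network(e, strict=False)   # ValueError on bad input
            for e in cleaned if e and not e.startswith("#")]
    if not nets:
        raise ValueError("exclusion list is empty")
    return list(ipaddress.collapse_addresses(nets))  # sorted, de-duplicated

def _term(net):
    """Render a /32 as a bare host address, anything else as CIDR."""
    return str(net.network_address) if net.prefixlen == 32 else str(net)

def pass_rule(nets, sid=1000001):
    """One pass rule matching the listed hosts in either direction."""
    group = ",".join(_term(n) for n in nets)
    return (f'pass ip [{group}] any <> any any '
            f'(msg:"LOCAL pass for hosts blocked elsewhere"; sid:{sid}; rev:1;)')

def bpf_filter(nets):
    """BPF expression that keeps the listed hosts away from the capture."""
    terms = [("host " if n.prefixlen == 32 else "net ") + _term(n) for n in nets]
    return "not (" + " or ".join(terms) + ")"

if __name__ == "__main__":
    nets = normalize(SAMPLE)
    print(pass_rule(nets))   # goes into a local rules file
    print(bpf_filter(nets))  # goes into a file loaded with: suricata -F <file>
```

With the BPF expression the excluded traffic never reaches the engine, while the pass rule lets Suricata see the packets but stops further rule inspection for them. Writing the expression to a file for `-F` avoids putting a long list on the command line.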