[Oisf-users] Include a file in configuration

Yasha Zislin coolyasha at hotmail.com
Tue Jun 24 21:13:53 UTC 2014


I am not familiar with either one.
Whichever one will be easy to implement and allow this variable/list to be updated easily (hopefully without involving a Suricata service restart).

Thanks for the info.

> Date: Tue, 24 Jun 2014 13:35:47 -0600
> Subject: Re: [Oisf-users] Include a file in configuration
> From: lists at unx.ca
> To: coolyasha at hotmail.com
> CC: oisf-users at lists.openinfosecfoundation.org
> 
> On Tue, Jun 24, 2014 at 12:17 PM, Yasha Zislin <coolyasha at hotmail.com> wrote:
> > The command line option might work. Is there a limit on how long the variable
> > can be when passed with the command line option?
> >
> > Or maybe there is another solution to my original problem. This variable
> > contains a list of IPs. My goal is to avoid any alerts for these IPs since
> > they get blocked completely by something else but Suricata still sees this
> > traffic. So I've created a variable and set my external net to be !home_net
> > and !myvariable. This way traffic from these IPs is treated as home traffic
> > and no alerts get triggered.
> >
> > If there is another way of doing this exclusion, I welcome
> > suggestions.
> 
> bpf filter?  Or perhaps some pass rules?  The pass rule could match on
> the specific IPs preventing them from alerting.
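
The two options suggested in the reply above (pass rules or a BPF filter) can both be generated from the same IP list file. The following is an added example, not part of the original thread or of Suricata itself; the function names, the starting sid, the msg text and the sample addresses (documentation ranges) are assumptions.

```python
import ipaddress

# Constructed sample list standing in for the poster's file of IPs that are
# already blocked elsewhere. Blank lines and '#' comments are allowed.
SAMPLE_LIST = """\
# blocked upstream
192.0.2.10
192.0.2.11
198.51.100.0/25
198.51.100.128/25
2001:db8::/32
"""

def parse_networks(text):
    """Parse one IP/CIDR per line; merge adjacent and overlapping ranges.

    Raises ValueError on a malformed entry so a typo never silently
    widens or drops an exclusion.
    """
    v4, v6 = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        net = ipaddress.ip_network(entry, strict=False)
        (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses() needs a single IP version per call.
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))

def pass_rules(nets, first_sid=1000000):
    """One Suricata pass rule per network, matching both directions."""
    return [
        f'pass ip {net} any <> any any '
        f'(msg:"Ignore upstream-blocked source"; sid:{first_sid + i}; rev:1;)'
        for i, net in enumerate(nets)
    ]

def bpf_filter(nets):
    """BPF expression that keeps the listed networks out of the capture."""
    if not nets:
        return ""
    terms = [f"net {n}" if n.num_addresses > 1 else f"host {n.network_address}"
             for n in nets]
    return "not (" + " or ".join(terms) + ")"

if __name__ == "__main__":
    networks = parse_networks(SAMPLE_LIST)
    print("\n".join(pass_rules(networks)))
    print(bpf_filter(networks))
```

Pass rules live in a rule file, so an updated list can be picked up by a rule reload, while a BPF filter is applied when capture starts. With the BPF approach the excluded traffic is not inspected or logged at all, whereas pass rules only stop further rule evaluation for it.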
 		 	   		  