[Oisf-users] OT: Question about a bpf filter
C. L. Martinez
carlopmart at gmail.com
Tue Mar 10 12:24:57 UTC 2015
Hi all,
Sorry to disturb you with this question, but I have a doubt. I need to
filter traffic that comes to one host from our internal nets and
monitor it with Suricata.
On this host, traffic flows like it does in a web proxy (in fact, it is
a proxy server for a commercial product). My intention is to monitor
only connections that arrive at this server, but not connections
created by it.
An example of bpf filter:
(ip and not src host 1.1.1.1) or (vlan and not src host 1.1.1.1)
I am not sure if this is OK because, what about response connections
from this server to the client, who has generated the original
connection?
Thanks.
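
Added example, not part of the original post: a small Python model of the posted filter's `not src host 1.1.1.1` test, run over four constructed packets, to show which directions of each connection reach the sensor. The listening port 8080, the client and upstream addresses, and the port-anchored alternative filter are assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample packets (not from the original post). 1.1.1.1 is the
# proxy address used in the post; port 8080 and all other addresses are
# assumptions chosen for this illustration.
Pkt = namedtuple("Pkt", "src sport dst dport note")
PROXY, LISTEN_PORT = "1.1.1.1", 8080

PACKETS = [
    Pkt("10.0.0.5", 40000, PROXY, 8080, "client -> proxy (request)"),
    Pkt(PROXY, 8080, "10.0.0.5", 40000, "proxy -> client (response)"),
    Pkt(PROXY, 51000, "203.0.113.9", 443, "proxy -> upstream (request)"),
    Pkt("203.0.113.9", 443, PROXY, 51000, "upstream -> proxy (response)"),
]


def posted_filter(p):
    """Model of 'not src host 1.1.1.1'; the ip and vlan branches of the
    posted expression apply this same test."""
    return p.src != PROXY


def port_anchored_filter(p):
    """Model of a hypothetical alternative:
    (dst host 1.1.1.1 and dst port 8080) or (src host 1.1.1.1 and src port 8080)
    It keeps both directions of connections made to the listening port."""
    return ((p.dst == PROXY and p.dport == LISTEN_PORT) or
            (p.src == PROXY and p.sport == LISTEN_PORT))


def passed(filt):
    """Return the notes of the sample packets that a filter lets through."""
    return [p.note for p in PACKETS if filt(p)]


if __name__ == "__main__":
    for name, filt in (("posted", posted_filter),
                       ("port-anchored", port_anchored_filter)):
        print(name)
        for note in passed(filt):
            print("   ", note)
```

In this model the source-address test passes one direction of every connection: the client's requests, plus the upstream server's replies to connections the proxy itself opened, while the proxy's responses to clients are dropped. BPF is stateless, so it cannot tell who initiated a connection; anchoring on the listening port is one way to approximate that.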