[Oisf-users] whitelist with timeout?
Cooper F. Nelson
cnelson at ucsd.edu
Wed Oct 12 17:21:07 UTC 2016
Sort of.
What you could do is create pass rules to whitelist the IPs and then
store them in a separate rules file, like 'pass.rules'.
You could then have a separate process to add/remove pass rules in this
file via cron or some other mechanism, then trigger a rule reload on the
suricata process.
-Coop
On 10/12/2016 5:49 AM, John Devine wrote:
> Hi all,
>
> Quick question regarding suricata: is it possible to whitelist IPs with a specific timeout in suricata?
>
> Thanks
>
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net
>
--
Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20161012/dcbca806/attachment-0002.sig>
More information about the Oisf-users
mailing list