[Oisf-users] whitelist with timeout?

Cooper F. Nelson cnelson at ucsd.edu
Wed Oct 12 17:21:07 UTC 2016

Sort of.

What you could do is create pass rules to whitelist the IPs and then
store them in a separate rules file, like 'pass.rules'.

You could then have a separate process to add/remove pass rules in this
file via cron or some other mechanism, then trigger a rule reload on the
suricata process.


On 10/12/2016 5:49 AM, John Devine wrote:
> Hi all,
> Quick question regarding suricata: is it possible to whitelist IPs with a specific timeout in suricata?
> Thanks
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Suricata User Conference November 9-11 in Washington, DC: http://suricon.net

Cooper Nelson
Network Security Analyst
UCSD ITS Security Team
cnelson at ucsd.edu x41042

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20161012/dcbca806/attachment-0002.sig>

More information about the Oisf-users mailing list