[Oisf-users] about tcp-whitelist

Victor Julien lists at inliniac.net
Tue Dec 5 07:25:43 UTC 2017

On 05-12-17 03:52, mazhuang at 17paipai.cn wrote:
> Hi,
>     I set the whitelist in suricata.yaml, but it did not take effect;
> I still receive alarms where the destination port is 443.

That setting controls how rules are grouped together. The 'whitelist'
setting makes sure that there is a group specifically for rules
targeting port 443.

What you are looking for is probably bpf:


I would imagine a filter like 'not tcp port 443'

e.g. 'suricata -i eth0 not tcp port 443'

Victor Julien
PGP: http://www.inliniac.net/victorjulien.asc
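
The two settings discussed in the reply, side by side in suricata.yaml, as an added example that is not part of the original message. The port lists, the af-packet capture method and the interface name eth0 are assumed sample values.

```yaml
# Rule grouping only: tells the detection engine to build dedicated rule
# groups for these ports. It does NOT suppress alerts or skip inspection.
detect:
  grouping:
    tcp-whitelist: 53, 80, 443, 8080   # sample list, constructed for illustration
    udp-whitelist: 53, 5060            # sample list, constructed for illustration

# Capture filter: packets matching the BPF expression's exclusion never reach
# Suricata, so port 443 produces no alerts, and also no flow or TLS log
# entries, because the traffic is not seen at all.
af-packet:
  - interface: eth0                    # assumed interface name
    bpf-filter: not tcp port 443       # same filter as the command-line form above
```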
