[Oisf-users] about tcp-whitelist
Victor Julien
lists at inliniac.net
Tue Dec 5 07:25:43 UTC 2017
On 05-12-17 03:52, mazhuang at 17paipai.cn wrote:
> Hi,
> I set the whitelist in suricata.yaml, but it did not take effect;
> I still receive alarms where the destination port is 443.
That setting controls how rules are grouped together. The 'whitelist'
setting makes sure that there is a group specifically for rules
targeting port 443.
What you are looking for is probably bpf:
http://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html
I would imagine a filter like 'not tcp port 443'
e.g. 'suricata -i eth0 not tcp port 443'
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
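
The distinction drawn in the reply above, as a suricata.yaml fragment. This is an added example, not part of the original message: the port list is a constructed sample, and eth0 with af-packet capture is assumed from the command line shown in the reply.

```yaml
# Rule grouping only: ports listed here get their own rule group in the
# detection engine. Traffic on these ports is still inspected and can
# still raise alerts.
detect:
  grouping:
    tcp-whitelist: 53, 80, 443, 8080   # constructed sample list

# Capture filter: packets matching the excluded expression never reach
# Suricata, so no rule can alert on them.
af-packet:
  - interface: eth0
    bpf-filter: not tcp port 443
```

With the filter in place Suricata has no visibility into TCP port 443 at all, so flow and TLS logging for that port stop along with the alerts.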