[Oisf-users] Suricata 4.1-beta1 and bpf filters

C. L. Martinez carlopmart at gmail.com
Tue Jun 19 06:52:34 UTC 2018


Hi all,

 I have problems with Suricata 4.1-beta1 and bpf filters. As an example:

(ip and (src host (192.168.5.1 or 192.168.5.30 or 192.168.5.31 or 192.168.5.250 or 192.168.5.251 or 192.168.5.252 or 192.168.5.253 or 192.168.5.250 or 192.168.5.251 or 192.168.5.252 or 192.168.5.253) and
        (tcp dst port (22 or 25 or 80 or 443 or 445 or 8009 or 8080 or 8081
or 8082 or 8083 or 8084 or 8085 or 8086 or 8087 or 8088 or 8139 or 9443)))
and
not host ( 192.168.6.35 or 192.168.6.36))

This filter works without problems in tcpdump, but Suricata doesn't
process it... The Suricata command line is:

suricata -c /etc/suricata/suricata.yaml --pidfile /var/run/suricata.pid
--pfring=eno2 -vvv -k none -F /etc/suricata/filter_policy.conf

Any idea?
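As an added example, not from this post or from Suricata itself: a small Python check for the kind of problem visible in the quoted filter, where a wrapped line leaves a partial address ("192.168.5 250"). It flattens a -F filter file to the single line libpcap expects, checks that parentheses balance and that every dotted token outside a "net" primitive is a complete IPv4 address, and flags duplicate addresses; the sample filter text is constructed, and this is a shape check only, so running tcpdump -d on the flattened expression remains the authoritative compile test.

```python
import ipaddress
import re

# Constructed sample modelled on the filter quoted in the post: wrapped
# across lines, with one address split by the wrap into "192.168.5 250".
SAMPLE_FILTER_FILE = """(ip and (src host (192.168.5.1 or 192.168.5.30 or 192.168.5
250 or 192.168.5.252) and
        (tcp dst port (22 or 443)))
and
not host ( 192.168.6.35 or 192.168.6.36))
"""

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")        # parens or bare words
DOTTED_RE = re.compile(r"[0-9]+(?:\.[0-9]+)+")  # anything that looks dotted


def flatten(text):
    """Join a multi-line -F filter file into the single line libpcap expects."""
    return " ".join(text.split())


def check_filter(text):
    """Return a list of problems found in a BPF filter; empty if none."""
    problems = []
    depth = 0
    prev = None
    seen = set()
    for tok in TOKEN_RE.findall(text):
        if tok == "(":
            depth += 1
        elif tok == ")":
            depth -= 1
            if depth < 0:
                problems.append("unbalanced ')'")
                depth = 0
        elif DOTTED_RE.fullmatch(tok) and prev != "net":
            # Outside 'net', a dotted token must be a full IPv4 address;
            # a partial one such as "192.168.5" is a wrapped/mangled host.
            try:
                ipaddress.IPv4Address(tok)
            except ipaddress.AddressValueError:
                problems.append("malformed address %r" % tok)
            else:
                if tok in seen:
                    problems.append("duplicate address %r" % tok)
                seen.add(tok)
        prev = tok
    if depth != 0:
        problems.append("%d unclosed '('" % depth)
    return problems
```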