[Oisf-users] Whitelist Network in Suricata

Nico Holguin nico at iso.utah.edu
Fri Mar 15 15:41:20 UTC 2019

Create a pass rule like this [1]:
pass ip 64.39.XX.XX/20 any -> any any (msg:"pass all traffic from/to"; sid:1;)

If you do not want anything from that network, you could also use a more efficient capture filter.


From: Oisf-users <oisf-users-bounces at lists.openinfosecfoundation.org> on behalf of jayaprasad v <jayaprasad800 at gmail.com>
Sent: Friday, March 15, 2019 4:44:02 AM
To: Open Information Security Foundation
Subject: [Oisf-users] Whitelist Network in Suricata

Dear All,

Could you please help me with the below request.

I was trying to suppress/whitelist a particular IP network, so that we will not get any more alerts from this IP range.

Below are the steps which I tried to suppress but with no success.

Edited /etc/suricata/threshold.config and added the below entry

suppress gen_id 0, sig_id 0, track by_src, ip 64.39.XX.XX/20
suppress gen_id 1, sig_id 0, track by_src, ip 64.39.XX.XX/20

Restarted the suricata service.

Could you please help me and advise how to proceed on this.
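
One way to check whether the range has actually gone quiet after a change like the ones discussed in this thread, as an added example that is not part of the thread. It scans Suricata EVE JSON lines for alerts that still involve the network; the function name `residual_alerts`, the placeholder range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import json

# Placeholder range: the thread's real network is redacted. Host bits are set
# on purpose, the way the /20 is written in the thread.
WHITELISTED = "10.20.30.40/20"

# Constructed eve.json lines (not real Suricata output); the last one is cut off.
SAMPLE_EVE = """\
{"event_type":"alert","src_ip":"10.20.17.5","dest_ip":"172.16.0.10","alert":{"signature_id":2100001}}
{"event_type":"alert","src_ip":"10.20.32.1","dest_ip":"172.16.0.10","alert":{"signature_id":2100002}}
{"event_type":"flow","src_ip":"10.20.20.20","dest_ip":"172.16.0.10"}
{"event_type":"alert","src_ip":"172.16.0.10","dest_ip":"10.20.31.255","alert":{"signature_id":2100003}}
{"event_type":"alert","src_ip":"10.20.16.9","dest_i
"""


def residual_alerts(eve_lines, cidr):
    """Return (network, hits) for alerts whose src_ip or dest_ip is in cidr."""
    # strict=False masks off the host bits: 10.20.30.40/20 -> 10.20.16.0/20
    net = ipaddress.ip_network(cidr, strict=False)
    hits = []
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or partially written line
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        for field in ("src_ip", "dest_ip"):
            try:
                addr = ipaddress.ip_address(event.get(field, ""))
            except ValueError:
                continue  # field missing or not an IP address
            if addr in net:
                sid = event.get("alert", {}).get("signature_id")
                hits.append((field, str(addr), sid))
                break
    return net, hits


if __name__ == "__main__":
    net, hits = residual_alerts(SAMPLE_EVE.splitlines(), WHITELISTED)
    print(f"alerts still involving {net}: {len(hits)}")
    for field, addr, sid in hits:
        print(f"  sid {sid}: {field}={addr}")
```

Checking both `src_ip` and `dest_ip` shows whether alerts remain in either direction, not only those where the network is the source.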

