Exclude IPS

user13 · November 19, 2014, 12:54am

Hi

I have exclude IP using these command

local.bro:

redef PacketFilter::enable_auto_protocol_capture_filters = F;

redef capture_filters = { [“all”] = “ip or not ip” };

local-worker.bro:

redef restrict_filters = { [“not-hosts”] = “not host X.X.X.X” };

Seth_Hall3 · November 19, 2014, 2:09pm

Hi Hichul!

You could actually simplify this all by just putting that last line in local.bro. The rest aren't necessary.

.Seth

user13 · November 20, 2014, 5:55am

Hi Seth
Thank you

I put
redef restrict_filters = { [“not-hosts”] = “not host X.X.X.X” };

in a local.bro and it worked. very simple oneliner

Thank’s

ioannis.psaroudakis · November 21, 2014, 11:21am

Hi all,

Thank you for your answers.

Indeed it works fine for Bro 2.3.1 running in Ubuntu 14.04.

Topic		Replies	Views
Exclude IPS Zeek	4	115	May 6, 2022
Exclude IPS - only src ip Zeek	4	92	May 6, 2022
Bro restrict filters question Zeek	4	114	May 6, 2022
Bro Digest, Vol 113, Issue 31 Zeek	2	63	May 6, 2022
Ignoring hosts or ranges? Zeek	3	78	May 6, 2022