Zeek 2.6.1 - packet_filter - unable to filter out traffic

Hello,

I have added the following to local.bro in order to test filtering out certain traffic from inspection:

redef restrict_filters += {
[“Exclude Test”] = “not (src host 192.168.204.2 and dst host 8.8.8.8 and dst port 53)”
};

Bro restarts no problem but the filter is not taking effect. If I look at packet_filter.log it is not showing up there either:

more packet_filter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2019-03-05-19-16-49
#fields ts node filter init success
#types time string string bool bool

I also tried adding the filter in broctl.cfg as per below:

broargs = -f ‘not (src host 192.168.204.2 and dst host 8.8.8.8 and dst port 53)’

Argument would show up in the bro process list but again filter would not take affect.

I have the same configuration in local.bro on another instance running Bro v2.5.5 and it works. Below you can see output from packet_filter.log:

more packet_filter.log
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path packet_filter
#open 2019-03-05-19-09-48
#fields ts node filter init success
#types time string string bool bool
1551812988.372400 bro (ip or not ip) and (not (src host 192.168.204.2 and dst host 8.8.8.8 and dst port 53)) T T

Do you know what could be the issue here?

Also is there another way of filtering out traffic? For example have a file with bunch of BPF filters that could be passed on to Bro at startup instead of modifying the local.bro file each time traffic needs to be excluded?

Thank You

Konrad