OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: dcol on October 07, 2019, 11:49:27 PM

Title: Capture Filters BPF
Post by: dcol on October 07, 2019, 11:49:27 PM
Is there any way to set up Capture Filters (BPF) in Suricata? Or is that something that has to be added to the code?
I would like to ignore some hosts.

See here.
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html

Title: Re: Capture Filters BPF
Post by: jonny5 on October 16, 2023, 08:44:12 PM
Reawakening a very old thread, but I was also curious if anyone has set up the BPF filter for Suricata on OPNsense?

Example Suricata Docs on BPF filtering specific to its inspection:
https://docs.suricata.io/en/latest/performance/ignoring-traffic.html

While I have compiled and run my own Suricata, I did so on Ubuntu, so the difference between FreeBSD and Ubuntu and how the shared inspect PF_RING or otherwise gets created is unknown to me.

Haven't found how to filter that way (not modifying N+ IDS rules is ideal), but it might just be because I don't know where to look. Any help appreciated!!
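For reference, the capture-level filter the linked Suricata docs describe, written out as an added example (this is not from either post and not an OPNsense setting): the `bpf-filter` key in the netmap capture section of suricata.yaml, which OPNsense uses on FreeBSD. The addresses are constructed placeholders, and it is assumed you are editing a hand-maintained suricata.yaml; on OPNsense the file is generated from templates, so the supported override mechanism in the OPNsense docs should be used instead of editing the generated file directly.

```yaml
# Added example: exclude two hosts at capture time so they are never
# inspected by any rule. Only packets matching the BPF expression reach
# Suricata, so excluded hosts produce no alerts and no eve.json records.
# 192.0.2.10 and 192.0.2.11 are constructed placeholder addresses.
netmap:
  - interface: default
    bpf-filter: "not (host 192.0.2.10 or host 192.0.2.11)"
```

The same expression can be passed on the command line (`suricata ... not host 192.0.2.10`) or via `-F <file>`, as the linked ignoring-traffic page shows; unlike a `pass` rule, a BPF exclusion also removes the host from flow and protocol logging, so keep it for hosts you genuinely never want visibility into.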