OPNsense Forum » English Forums » Intrusion Detection and Prevention » Capture Filters BPF
Topic: Capture Filters BPF (Read 2796 times)
dcol (Hero Member, Posts: 635, Karma: 51)
Capture Filters BPF
« on: October 07, 2019, 11:49:27 pm »
Is there any way to set up Capture Filters (BPF) in Suricata? Or is that something that has to be added to the code?
I would like to ignore some hosts.
See here:
https://suricata.readthedocs.io/en/latest/performance/ignoring-traffic.html
jonny5 (Newbie, Posts: 35, Karma: 3)
Re: Capture Filters BPF
« Reply #1 on: October 16, 2023, 08:44:12 pm »
Reawakening a very old thread, but I was also curious if anyone set up the BPF filter for Suricata on OPNsense?
Example Suricata docs on BPF filtering specific to its inspection:
https://docs.suricata.io/en/latest/performance/ignoring-traffic.html
While I have compiled and run my own Suricata, I did so on Ubuntu, so the difference between FreeBSD and Ubuntu and how the share inspect pf ring or otherwise gets created is unknown to me.
Haven't found how to filter that way (not modifying N+ IDS rules is ideal), but it might just be because I don't know where to look. Any help appreciated!!