[Bro] Proper syntax for ignoring subnet to subnet traffic

Seth Hall hall.692 at osu.edu
Thu Mar 11 11:44:12 PST 2010

On Mar 11, 2010, at 2:01 PM, Mathew Binkley wrote:

> but not  Machine1 <-> Machine2.  Thanks.

redef restrict_filters += {
	["ignore_machine1_to_machine2"] = "not (host and host"

Don't do that inside of an event handler or function definition.


Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721

More information about the Bro mailing list