[Bro] Proper syntax for ignoring subnet to subnet traffic

Seth Hall hall.692 at osu.edu
Thu Mar 11 13:07:44 PST 2010

On Mar 11, 2010, at 3:10 PM, Mathew Binkley wrote:

> Thanks Seth.  A slightly different question:  how do I ignore traffic
> between hosts in a particular subnet?  I want to ignore all chatter
> between machines in my cluster, and simply examine traffic between the
> cluster and the world.

I would do something similar to the earlier filter...

redef restrict_filters += {
	# 192.0.2.0/24 is a placeholder; substitute the cluster's subnet.
	["ignore_internal"] = "not (src net 192.0.2.0/24 and dst net 192.0.2.0/24)"
};


Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
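
Added example (not part of the message above and not Bro's own code): a Python model of which packets a capture filter of the form "not (src net N and dst net N)" keeps, next to the broader "not net N" form, run over constructed flows. The subnet 192.0.2.0/24, the sample addresses and all function names are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Placeholder subnet (documentation range); substitute the cluster's own.
CLUSTER = ip_network("192.0.2.0/24")


def keep_pairwise(src, dst, net=CLUSTER):
    """Model of BPF 'not (src net N and dst net N)': drop only when
    both endpoints are inside N."""
    return not (ip_address(src) in net and ip_address(dst) in net)


def keep_either(src, dst, net=CLUSTER):
    """Model of BPF 'not net N': 'net N' matches when either endpoint
    is inside N, so this drops all traffic touching the cluster."""
    return not (ip_address(src) in net or ip_address(dst) in net)


# Constructed sample flows: (source, destination, description).
FLOWS = [
    ("192.0.2.10", "192.0.2.11", "node to node"),
    ("192.0.2.10", "198.51.100.7", "node to world"),
    ("198.51.100.7", "192.0.2.10", "world to node"),
    ("192.0.2.10", "192.0.2.255", "node to subnet broadcast"),
    ("192.0.2.10", "224.0.0.251", "node to multicast"),
    ("203.0.113.5", "198.51.100.7", "no cluster endpoint"),
]


def classify(flows=FLOWS):
    """Return (description, kept_by_pairwise, kept_by_either) per flow."""
    return [(d, keep_pairwise(s, t), keep_either(s, t)) for s, t, d in flows]


if __name__ == "__main__":
    for desc, pairwise, either in classify():
        print(f"{desc:26} pairwise={'keep' if pairwise else 'drop'} "
              f"either={'keep' if either else 'drop'}")
```

The pairwise form drops node-to-node chatter and subnet broadcasts but still passes cluster multicast, because the multicast destination lies outside the subnet.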
