[Bro] BPF?

George Insko ginsko3 at gmail.com
Thu Jan 16 07:12:20 PST 2014

Hi all,

I need to block all SSL traffic going to my Bro box. I was going to
use BPF  to accomplish this
task using a zero source address and a port number. So something like this:

#Nothing from src host to dst port
!(src host && dst port 443) &&

Does that make sense and will it work? Do you all have any other ways to
permanently filter traffic?
*George Insko*
Email:    ginsko3 at gmail.com
Twitter: @ginsko3
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140116/b46b5966/attachment.html 

More information about the Bro mailing list