[Bro] Blocking packets

Johanna Amann johanna at icir.org
Mon Aug 8 10:07:06 PDT 2016

Hello Daniel,

to interact with the traffic on your network, e.g. by installing blocking
rules into your hardware, you can use the NetControl framework, which is
part of our current development version and will be part of 2.5.
Documentation is available at
https://www.bro.org/sphinx-git/frameworks/netcontrol.html and

Apart from that, Bro by itself can not block traffic; it depends on
outside hardware or software to do that, but it can be used to push rules
out depending on the traffic that you see.

I hope that helps,

On Fri, Aug 05, 2016 at 03:36:23PM +0000, Daniel Manzo wrote:
> Hi all,
> Can Bro block packets or part of traffic, in addition to logging? Or is this something that needs to be configured on an aggregator or tap? I apologize if this is a very simple topic, as I'm a Bro noob.
> Best regards,
> Daniel Manzo

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list