bridge-firewall on Bro
Sylvain de Tilly
sylvain at detilly.net
Mon Apr 7 04:57:06 PDT 2003
Thanks a lot, it's now working like a charm...
Vern Paxson <vern at icir.org> writes:
> For what you are doing, you will need to either edit scan.bro to
> remove the hostnames, for example replacing
>
> const skip_scan_sources = {
> ...
> };
>
> with
>
> const skip_scan_sources: set[addr];
>
> (you can't replace it with just "const skip_scan_sources = { };", because
> then Bro can't figure out the variable's type); or you could arrange for
> the DNS service on your box to resolve them directly via /etc/hosts.
>
> Vern
>
--
Sylvain de Tilly
"Mettons nous tout GNU !"
un GNUdiste.
More information about the Bro
mailing list