[Bro] Proper syntax for ignoring subnet to subnet traffic

Seth Hall hall.692 at osu.edu
Thu Mar 11 11:44:12 PST 2010


On Mar 11, 2010, at 2:01 PM, Mathew Binkley wrote:

> but not  Machine1 <-> Machine2.  Thanks.


redef restrict_filters += {
	["ignore_machine1_to_machine2"] = "not (host 1.2.3.4 and host 1.2.3.5)"
};

Don't do that inside of an event handler or function definition.

   .Seth

---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721




More information about the Bro mailing list