Project

General

Profile

Actions
Copy link

Support #2666

closed

add BPF filter from /etc/init.d/suricata to /etc/suricata/suricata.yaml

Added by lolilol party over 5 years ago. Updated about 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

hello,

I have a bpf filter in /etc/init.d/suricata 

SURICATA_OPTIONS=" -c $SURCONF --pidfile $PIDFILE $LISTEN_OPTIONS -D -vvv $USER_SWITCH not proto 47

but I don't want to modify the init.d file, so I want to move this filter "not proto 47" in /etc/suricata/suricata.yaml

It is possible ?

Thanks

Actions
Copy link
 #1

Updated by Victor Julien over 5 years ago

Yes, you can add it in the yaml to the interface config. Most likely af-packet in your case, so it would go here https://github.com/OISF/suricata/blob/master/suricata.yaml.in#L692

Actions
Copy link
 #2

Updated by Victor Julien over 5 years ago

  • Tracker changed from Feature to Support
Actions
Copy link
 #3

Updated by Victor Julien about 5 years ago

  • Status changed from New to Closed
Actions
Copy link

Also available in: Atom PDF