kraigu/gist:7646342

Created November 25, 2013 18:39

Star 0 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/kraigu/7646342.js"></script>
Save kraigu/7646342 to your computer and use it in GitHub Desktop.

Download ZIP

bro packet filter

Raw

gistfile1.txt

	event bro_init() &priority=-12
	{
	restrict_filters["ignore tor node"] = "not (net 192.16.0.0/16)";
	PacketFilter::install();
	}

Author

kraigu commented Nov 25, 2013

slam this bad boy into local.bro for packet filtering. example for #bro IRC channel

Author

kraigu commented Nov 25, 2013

[BroControl] > print PacketFilter::current_filter
manager PacketFilter::current_filter = (ip or not ip) and (not (net 192.168.0.0/16))
proxy-1 PacketFilter::current_filter = (ip or not ip) and (not (net 192.168.0.0/16))
worker-1 PacketFilter::current_filter = (ip or not ip) and (not (net 192.168.0.0/16))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment