Normally, one would configure their BPF in Security Onion 2.3 by editing the global.sls file, but what if you want to have multiple BPF configurations at different times of the day? For example, I would like to allow any traffic from 8:00-23:00, but after 23:00 I would like to block any traffic from 192.168.135.144.
To clarify, Security Onion is totally passive and so it doesn't actually block any traffic. A BPF will filter the traffic so that it is not seen by a sniffing process like Suricata, Zeek, or Stenographer. If you want different BPF configurations at different times of day, one option might be to create cron jobs to update the config file.
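One way to carry out the cron approach suggested in the reply, as an added example that is not part of the original discussion or of Security Onion's own code. It assumes two complete copies of the config, `global.sls.day` and `global.sls.night`, kept in a profile directory; every path and the script name are placeholders.

```shell
#!/bin/sh
# Added example: pick a BPF profile by time of day and install it; meant for cron.
# Paths and file names are placeholders (assumptions), not Security Onion's own.
PROFILE_DIR="${PROFILE_DIR:-/path/to/bpf-profiles}"  # holds global.sls.day and global.sls.night
TARGET="${TARGET:-/path/to/global.sls}"              # live config file that gets replaced
NIGHT_START=23   # 23:00, from the question
NIGHT_END=8      # 08:00, from the question

# Print "night" or "day" for an hour given as 0-23 or 00-23.
# The night window wraps past midnight, so the test is
# "hour >= start OR hour < end", not a single range.
profile_for_hour() {
    _h=${1#0}                      # drop one leading zero ("08" -> "8")
    [ -n "$_h" ] || _h=0           # "0" became empty
    case $_h in *[!0-9]*) echo "bad hour: $1" >&2; return 1 ;; esac
    if [ "$_h" -ge "$NIGHT_START" ] || [ "$_h" -lt "$NIGHT_END" ]; then
        echo night
    else
        echo day
    fi
}

# Install the profile for the given hour. Prints "changed" or "unchanged".
# global.sls.night is a full copy of the config whose BPF is
# "not host 192.168.135.144"; global.sls.day is the copy without that filter.
apply_profile() {
    _p=$(profile_for_hour "$1") || return 1
    _src="$PROFILE_DIR/global.sls.$_p"
    [ -r "$_src" ] || { echo "missing profile: $_src" >&2; return 1; }
    if cmp -s "$_src" "$TARGET"; then
        echo unchanged             # already in place, nothing to write
        return 0
    fi
    # Write beside the target, then rename, so a reader never sees a partial file.
    # cp -p keeps the profile's mode instead of mktemp's 0600.
    _tmp=$(mktemp "$TARGET.XXXXXX") || return 1
    if cp -p "$_src" "$_tmp" && mv "$_tmp" "$TARGET"; then
        echo changed
    else
        rm -f "$_tmp"; return 1
    fi
}

# Example crontab line (script path is a placeholder):
#   0 8,23 * * * /path/to/switch-bpf.sh --apply
if [ "${1:-}" = "--apply" ]; then
    apply_profile "$(date +%H)"
fi
```

Replacing the file does not by itself reload the sniffing processes; apply the change the same way you would after editing global.sls by hand. Because the night profile hides that host from Suricata, Zeek, and Stenographer, logging each "changed" result gives analysts a record of when the blind spot was in effect.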