Chris
you can set rules via the PF_RING API: did you see
https://github.com/ntop/PF_RING/blob/dev/userland/examples/pffilter_test.c ?
Regards Luca
> On 30 Mar 2016, at 21:12, Clark, Erik J <clark...@state.gov> wrote:
>
> All;
> I am trying to filter out tcp and udp traffic at the kernel level via
> pf_ring, but can not find any documentation as to how to actually craft a
> rule, or how you would make one persist. The only reference I can find is to
>
> /proc/net/pf_ring/dev/${interface}/rules
>
> Which would not be persistent. If I wanted to filter out all tcp 443 traffic
> before handing it off to the application layer, say for Snort or Bro, how do
> I do that at the pf_ring level persistently? Thanks much!
>
> Erik
>
>
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
