Chris you can set rules via the PF_RING API: did you see https://github.com/ntop/PF_RING/blob/dev/userland/examples/pffilter_test.c ?
Regards Luca > On 30 Mar 2016, at 21:12, Clark, Erik J <clark...@state.gov> wrote: > > All; > I am trying to filter out tcp and udp traffic at the kernel level via > pf_ring, but can not find any documentation as to how to actually craft a > rule, or how you would make one persist. The only reference I can find is to > > /proc/net/pf_ring/dev/${interface}/rules > > Which would not be persistent. If I wanted to filter out all tcp 443 traffic > before handing it off to the application layer, say for Snort or Bro, how do > I do that at the pf_ring level persistently? Thanks much! > > Erik > > > > _______________________________________________ > Ntop-misc mailing list > Ntop-misc@listgateway.unipi.it <mailto:Ntop-misc@listgateway.unipi.it> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
_______________________________________________ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc