Adding a script to filter out internal-only traffic for brutes on IRC.

sethhall · Sep 24, 2014 · 0f2248f · 0f2248f
1 parent 2e6869d
commit 0f2248f
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/filter-out-internal-traffic.bro b/filter-out-internal-traffic.bro
@@ -0,0 +1,15 @@
+@load base/frameworks/packet-filter
+@load base/utils/site
+
+event bro_init() &priority=5
+	{
+	local nets = "";
+	for ( network in Site::local_nets )
+		{
+		if ( nets != "" )
+			nets += " or ";
+
+		nets += cat(network);
+		}
+	restrict_filters["no-internal"] = fmt("not ( src net (%s) and dst net (%s) )", nets, nets);
+	}