From 0f2248f1341ce23511f2680bc57f001c3d7e6239 Mon Sep 17 00:00:00 2001
From: Seth Hall <seth@icir.org>
Date: Wed, 24 Sep 2014 13:54:29 -0400
Subject: [PATCH] Adding a script to filter out internal-only traffic for
 brutes on IRC.

---
 filter-out-internal-traffic.bro | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 filter-out-internal-traffic.bro

diff --git a/filter-out-internal-traffic.bro b/filter-out-internal-traffic.bro
new file mode 100644
index 0000000..bcdbb2d
--- /dev/null
+++ b/filter-out-internal-traffic.bro
@@ -0,0 +1,15 @@
+@load base/frameworks/packet-filter
+@load base/utils/site
+
+event bro_init() &priority=5
+	{
+	local nets = "";
+	for ( network in Site::local_nets )
+		{
+		if ( nets != "" )
+			nets += " or ";
+
+		nets += cat(network);
+		}
+	restrict_filters["no-internal"] = fmt("not ( src net (%s) and dst net (%s) )", nets, nets);
+	}
\ No newline at end of file