Hi,

I have a few (~20) lists of IPs provided by Shadowserver (https://www.shadowserver.org) on a daily basis. Some lists contain a few hundred IPs and some contain tens of thousands of IPs. I want to have pmacct filter out netflow records that do not have a destination IP contained in these lists.

Example logic would be:

If the netflow record is destined to an IP in the open DNS server list and on UDP dst port 53
  Then store netflow record
Else If the netflow record is destined to an IP in the open NTP server list and on UDP dst port 123
  Then store netflow record
..additional lists...
Else drop netflow record

Is there a way to do this? It seems like there would be too many entries for BPF. Also, I want to dynamically update these lists every night.

Thanks!

Rich Compton | Principal Eng

_______________________________________________ pmacct-discussion mailing list http://www.pmacct.net/#mailinglists
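
The selection logic described in the message above, written out as an added example that is not part of the original post and is not pmacct code or configuration. It assumes flow records are available as dictionaries with the hypothetical field names `ip_proto`, `ip_dst` and `port_dst`, and that each list is a text feed with one IP per line; the sample data is constructed.

```python
import ipaddress

def load_list(lines):
    """Parse one IP per line into a frozenset; skip blanks, comments, bad entries."""
    ips = set()
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            ips.add(ipaddress.ip_address(entry))
        except ValueError:
            continue  # malformed feed line: ignore it rather than abort the reload
    return frozenset(ips)

class ListFilter:
    """Keep a flow only if (protocol, dst port) has a list and the dst IP is in it."""
    def __init__(self):
        self._rules = {}

    def reload(self, feeds):
        # feeds: {(proto, dst_port): iterable of lines}. The new table is built in
        # full, then swapped in with one assignment, so a nightly update never
        # exposes a half-loaded list to lookups.
        self._rules = {key: load_list(lines) for key, lines in feeds.items()}

    def keep(self, flow):
        listed = self._rules.get((flow["ip_proto"], flow["port_dst"]))
        if listed is None:
            return False  # no list for this protocol/port: drop
        try:
            return ipaddress.ip_address(flow["ip_dst"]) in listed
        except ValueError:
            return False

# Constructed sample data (documentation address ranges), not Shadowserver content.
FEEDS = {
    ("udp", 53): ["192.0.2.10", "198.51.100.7  # open resolver", "", "not-an-ip"],
    ("udp", 123): ["203.0.113.5", "2001:db8::123"],
}
FLOWS = [
    {"ip_proto": "udp", "ip_dst": "192.0.2.10", "port_dst": 53},    # keep
    {"ip_proto": "udp", "ip_dst": "192.0.2.10", "port_dst": 123},   # drop: wrong list
    {"ip_proto": "tcp", "ip_dst": "198.51.100.7", "port_dst": 53},  # drop: not UDP
    {"ip_proto": "udp", "ip_dst": "2001:0db8:0:0:0:0:0:123", "port_dst": 123},  # keep
    {"ip_proto": "udp", "ip_dst": "203.0.113.99", "port_dst": 123}, # drop: unlisted
]

def filter_flows(flows, flt):
    return [f for f in flows if flt.keep(f)]
```

Set membership is constant time per flow regardless of list size, so lists with tens of thousands of entries cost the same per lookup as lists with a few hundred.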
