How to remove IP inspection

How can I remove IP inspection/Checking for all the IP’s
I know we can use whitelist/bpf for this but it is for selected IP that we config
I want suricata to skip all IP inspection because I am using a different application for that
So I want to save some processing time in suricata
How can I do that.


You’ll have to edit the rules

Use suricata --engine-analysis to analyze the ruleset you’re using. Then, in the log directory, edit rules_analysis.txt and look for rules that are marked with Rule is ip only.

You can delete these rules if you have other applications doing the equivalent.

1 Like