Feature request: separate incoming/outgoing whitelist

[akhepcat]

add an optional "ignore_(incoming|outgoing)" flag to each CIDR block in the /etc/networks_whitelist

this would allow high-speed one-way clients to still have protection in the opposite direction.

[pavel-odintsov]

Hello!

If you are interested in netflow or sflow you could wrote own hook script https://github.com/pavel-odintsov/fastnetmon/blob/master/src/netflow_hooks.lua or https://github.com/pavel-odintsov/fastnetmon/blob/master/src/sflow_hooks.lua and filter out some packets according to source or destination IP or direction.

[cuddylier]

I would also be interested in this as I have some servers on a ddos protected network but sometimes an attack can leak for a few seconds but I would want to avoid them being nullrouted as usually the large network port copes fine so would only want outbound to be filtered to stop any outbound abuse.

[pavel-odintsov]

Do you need it for port mirror?

[cuddylier]

I would just be using sflow so whatever that is, I don't think port mirroring?

[pavel-odintsov]

Yes. So you could use mentioned earlier approach and parse data with LUA :)

[akhepcat]

Never used LUA, actually.

is there an example available in the repo?

[pavel-odintsov]

I have shared two links above :)

[akhepcat]

Ah, those are examples, and not the hook interface. Sorry, naming got me.

[pavel-odintsov]

Yes it's example script for lua ;)