I am needing to modify a default filter in a pack,
So, I'm finding myself needing to modify a default filter in a pack, which currently says:
```
C.Net.isPrivate(srcaddr) && C.Net.isPrivate(dstaddr) && action=='ACCEPT'
```
Answers
-
hate to tell you, but the C.Net function is expensive. Regex might be a little lighter, believe it or not.
0 -
specifically if you have a high volume of data you're checking as to whether it's RFC1918 or not
0 -
I cratered Stream until we figured that out while I was checking the same thing for Palo Alto logs (lots of big logs with lots of IPs).
0 -
my new subnet falls on clean octet boundaries, so that shouldn't be too hard
0 -
I'd move the initial check to your pre-process pipeline/pack and create a temporary boolean variable to use in your filter.
0 -
something like, `__isPrivate==true` kind of thing
0
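
One way to combine the suggestions above, as an added example that is not from the thread or from the pack: plain JavaScript that builds an anchored regex for the RFC 1918 ranges plus octet-aligned extras, sets an `__isPrivate` flag once per event, and filters on the flag. The `198.18` prefix and the names `buildPrivateRegex`, `tagEvent` and `passesFilter` are constructed for illustration; it handles IPv4 only.

```javascript
// Added example. IPv4 only; '198.18' stands in for the extra subnet (constructed).
const OCTET = '(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)'; // 0..255, no leading zeros

// Pad a list of fixed leading octets out to a full four-octet pattern.
function expand(leading) {
  const rest = Array(4 - leading.length).fill(OCTET);
  return leading.concat(rest).join('\\.');
}

// Build one anchored regex: RFC 1918 plus any octet-aligned prefixes ('a', 'a.b', 'a.b.c').
function buildPrivateRegex(extraPrefixes = []) {
  const alts = [
    expand(['10']),                           // 10.0.0.0/8
    expand(['172', '(?:1[6-9]|2\\d|3[01])']), // 172.16.0.0/12: second octet 16..31
    expand(['192', '168']),                   // 192.168.0.0/16
  ];
  for (const prefix of extraPrefixes) {
    const octets = prefix.split('.');
    const valid = octets.length <= 3 &&
      octets.every((o) => /^(?:0|[1-9]\d{0,2})$/.test(o) && Number(o) <= 255);
    if (!valid) throw new Error(`not an octet-aligned IPv4 prefix: ${prefix}`);
    alts.push(expand(octets));
  }
  // ^...$ matters: without it '110.1.2.3' or '10.1.2.3.4' would match.
  return new RegExp(`^(?:${alts.join('|')})$`);
}

const PRIVATE_RE = buildPrivateRegex(['198.18']);

// Pre-processing step: evaluate once per event and store the result.
function tagEvent(event) {
  event.__isPrivate = PRIVATE_RE.test(String(event.srcaddr)) &&
    PRIVATE_RE.test(String(event.dstaddr));
  return event;
}

// The downstream filter then only compares a boolean and a string.
function passesFilter(event) {
  return event.__isPrivate === true && event.action === 'ACCEPT';
}
```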