From 7fdf9edb60af489ff96040e1d2f53e1ba97b759d Mon Sep 17 00:00:00 2001
From: Brian Lechthaler
Date: Mon, 7 Sep 2020 19:57:15 -0700
Subject: [PATCH 1/2] Update Suricata Capture Filter for New Docker Repo
---
 docker/suricata/dist/capture-filter.bpf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker/suricata/dist/capture-filter.bpf b/docker/suricata/dist/capture-filter.bpf
index d43d7d6e..7df8e70f 100644
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@@ -1,3 +1,3 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu or listbot.sicherheitstacho.eu) and
 not (host deb.debian.org) and
-not (host index.docker.io or docker.io)
+not (host ghcr.io)
From b1d8e293de9ed4b76dafd21216bb196655a29767 Mon Sep 17 00:00:00 2001
From: Brian Lechthaler
Date: Tue, 8 Sep 2020 10:45:58 -0700
Subject: [PATCH 2/2] add DockerHub back in cap filter see https://github.com/telekom-security/tpotce/pull/691#issuecomment-688648225
---
 docker/suricata/dist/capture-filter.bpf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docker/suricata/dist/capture-filter.bpf b/docker/suricata/dist/capture-filter.bpf
index 7df8e70f..e2daeec9 100644
--- a/docker/suricata/dist/capture-filter.bpf
+++ b/docker/suricata/dist/capture-filter.bpf
@@ -1,3 +1,4 @@
 not (host sicherheitstacho.eu or community.sicherheitstacho.eu or listbot.sicherheitstacho.eu) and
 not (host deb.debian.org) and
-not (host ghcr.io)
+not (host ghcr.io) and
+not (host index.docker.io or docker.io)
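Review bot: The added `not (host ghcr.io)` in PATCH 1/2 excludes by hostname, and libpcap resolves such names once, when the filter is compiled, so the exclusion is pinned to whatever addresses the name returned when Suricata started. For a registry that likely sits on shared, changing infrastructure this cuts both ways: pulls from addresses that appear later still land in the sensor data, while all traffic to or from the pinned addresses, on any port, is invisible to Suricata. Narrowing the clause to the service actually used, e.g. `not (host ghcr.io and tcp port 443)`, keeps the blind spot as small as the purpose needs; the same applies to the Docker Hub clause restored in PATCH 2/2. It is also worth testing what happens when one of these names does not resolve at start, since the filter would presumably fail to compile.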
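Review bot: The restored `not (host index.docker.io or docker.io)` in PATCH 2/2 may not match the endpoints an image pull actually contacts. As far as I know the Docker client talks to separate registry and auth hostnames (registry-1.docker.io, auth.docker.io) and fetches layers from a CDN name, none of which these two names cover. If that holds, the line hides traffic to the addresses behind the two listed names without keeping the sensor's own pulls out of the capture. Confirm with a capture taken during a pull, and record the observed names in the commit message or next to the filter, since the rationale currently lives only in the linked PR comment.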