diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index d7da0b2c1a..84e30e9df3 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -96,6 +96,7 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
 char *tmpclusterid;
 char *tmpctype;
 intmax_t value;
+ int dispromisc;
 if (aconf == NULL) {
 return NULL;
@@ -105,6 +106,7 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
 aconf->buffer_size = 0;
 aconf->cluster_id = 1;
 aconf->cluster_type = PACKET_FANOUT_HASH;
+ aconf->promisc = 1;
 /* Find initial node */
 af_packet_node = ConfGetNode("af-packet");
@@ -172,6 +174,13 @@ AFPIfaceConfig *ParseAFPConfig(char *iface)
 aconf->buffer_size = 0;
 }
+ ConfGetChildValueBool(if_root, "disable-promisc", (int *)&dispromisc);
+ if (dispromisc) {
+ SCLogInfo("Disabling promiscuous mode on iface %s",
+ aconf->iface);
+ aconf->promisc = 0;
+ }
+
 return aconf;
 }
diff --git a/src/source-af-packet.c b/src/source-af-packet.c
index 789282890a..9a6211eb61 100644
--- a/src/source-af-packet.c
+++ b/src/source-af-packet.c
@@ -153,6 +153,7 @@ typedef struct AFPThreadVars_
 /* socket buffer size */
 int buffer_size;
+ int promisc;
 int cluster_id;
 int cluster_type;
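Review bot: `dispromisc` is declared without an initializer in the @@ -96 hunk and the return value of `ConfGetChildValueBool(if_root, "disable-promisc", (int *)&dispromisc)` is discarded, so for an interface with no `disable-promisc` key the `if (dispromisc)` test reads whatever that helper leaves behind; whether it writes `*val` on the not-found path is not visible here. If it does not, a stray non-zero stack value would silently turn promiscuous mode off on a sensor interface, a gap that only shows up later as missing traffic. Initialize the variable, `int dispromisc = 0;`, or gate on the return, `if (ConfGetChildValueBool(if_root, "disable-promisc", &dispromisc) == 1 && dispromisc) {`; the `(int *)` cast also looks redundant for an `int` local. ParseAFPConfig's body continues between and beyond these hunks.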
@@ -647,18 +648,20 @@ static int AFPCreateSocket(AFPThreadVars *ptv, char *devname, int verbose)
 close(ptv->socket);
 return -1;
 }
- /* Force promiscuous mode */
- memset(&sock_params, 0, sizeof(sock_params));
- sock_params.mr_type = PACKET_MR_PROMISC;
- sock_params.mr_ifindex = bind_address.sll_ifindex;
- r = setsockopt(ptv->socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,(void *)&sock_params, sizeof(sock_params));
- if (r < 0) {
- SCLogError(SC_ERR_AFP_CREATE,
- "Couldn't switch iface %s to promiscuous, error %s",
- devname,
- strerror(errno));
- close(ptv->socket);
- return -1;
+ if (ptv->promisc != 0) {
+ /* Force promiscuous mode */
+ memset(&sock_params, 0, sizeof(sock_params));
+ sock_params.mr_type = PACKET_MR_PROMISC;
+ sock_params.mr_ifindex = bind_address.sll_ifindex;
+ r = setsockopt(ptv->socket, SOL_PACKET, PACKET_ADD_MEMBERSHIP,(void *)&sock_params, sizeof(sock_params));
+ if (r < 0) {
+ SCLogError(SC_ERR_AFP_CREATE,
+ "Couldn't switch iface %s to promiscuous, error %s",
+ devname,
+ strerror(errno));
+ close(ptv->socket);
+ return -1;
+ }
 }
 /* set socket recv buffer size */
 if (ptv->buffer_size != 0) {
@@ -739,6 +742,8 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) {
 ptv->buffer_size = afpconfig->buffer_size;
+ ptv->promisc = afpconfig->promisc;
+
 ptv->threads = 1;
 #ifdef HAVE_PACKET_FANOUT
 ptv->cluster_type = PACKET_FANOUT_LB;
diff --git a/src/source-af-packet.h b/src/source-af-packet.h
index 7c3b529ad9..2a3df30fb4 100644
--- a/src/source-af-packet.h
+++ b/src/source-af-packet.h
@@ -49,6 +49,8 @@ typedef struct AFPIfaceConfig_
 /* cluster param */
 int cluster_id;
 int cluster_type;
+ /* promisc mode */
+ int promisc;
 } AFPIfaceConfig;
 void TmModuleReceiveAFPRegister (void);
diff --git a/suricata.yaml b/suricata.yaml
index bd832750c5..369e874b59 100644
--- a/suricata.yaml
+++ b/suricata.yaml
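Review bot: The comment `/* Force promiscuous mode */` kept inside the new `if (ptv->promisc != 0)` block no longer explains the gate, and the only record of why promiscuous mode may be skipped is the SCLogInfo call in ParseAFPConfig. Replace it with `/* Promiscuous mode stays on unless the iface's disable-promisc option cleared ptv->promisc (copied from afpconfig in ReceiveAFPThreadInit) */` so a reader of AFPCreateSocket sees where the flag comes from. Nothing is logged at the socket level when the block is skipped, which is fine as long as the ParseAFPConfig message is the agreed place for that record. AFPCreateSocket begins and ends outside the hunk.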
@@ -177,12 +177,15 @@ af-packet:
 defrag: yes
 # recv buffer size, increase value could improve performance
 # buffer-size: 32768
+ # Set to yes to disable promiscuous mode
+ # disable-promisc: no
 - interface: eth1
 threads: 1
 cluster-id: 98
 cluster-type: cluster_round_robin
 defrag: yes
 # buffer-size: 32768
+ # disable-promisc: no
 defrag:
 max-frags: 65535