From dfbb31df8a03c4b150079902088e305060132a8e Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Tue, 26 Mar 2013 14:16:23 +0100
Subject: [PATCH] Exit if bpf is used in IPS mode

---
 src/suricata.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/suricata.c b/src/suricata.c
index c5c0c36faf..3b48ee3085 100644
--- a/src/suricata.c
+++ b/src/suricata.c
@@ -381,6 +381,13 @@ static void SetBpfString(int optind, char *argv[]) {
     if (bpf_len == 0)
         return;
 
+    if (IS_ENGINE_MODE_IPS(engine_mode)) {
+        SCLogError(SC_ERR_NOT_SUPPORTED,
+                   "BPF filter not available in IPS mode."
+                   " Use firewall filtering if possible.");
+        exit(EXIT_FAILURE);
+    }
+
     bpf_filter = SCMalloc(bpf_len);
     if (unlikely(bpf_filter == NULL))
         return;