OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: Pocket_Sevens on June 03, 2022, 03:43:49 pm

Title: [Solved] Suricata and IPv6 and
Post by: Pocket_Sevens on June 03, 2022, 03:43:49 pm
Hello and I apologize if this is a noob question.

I've just done a fresh install of 21.7.8 and am reconfiguring from scratch. As this is a brand new configuration, I'm using both IPv4 and IPv6 for my DHCP addresses. I can see both an IPv4 and IPv6 address on my WAN and for my IPv6-compatible devices.

So, I'm setting up Suricata with a simple rule to block Tor (ET open/tor ruleset) and set it to Drop in my policy.  However, it doesn't appear that the rule is actually working.  In my previous config, I only used IPv4 in my setup for DHCP leases and the rule would work.  My concern is that, if I add additional rules, they wouldn't be dropped either.

What am I missing in my IPv6 setup for Suricata? I'm completely new to IPv6 and am still trying to understand how the numbering convention/subnets/prefixes/etc. work.

Thanks in advance.

Title: [Solved] Re: Suricata and IPv6 and
Post by: Pocket_Sevens on June 03, 2022, 07:11:11 pm
Just as an update: I ended up installing Zenarmor and it works for both IPv4 and IPv6.  It gives me exactly what I'm looking for. :)