Intrusion Detection and Prevention / NOT Work for IPv6
« on: September 30, 2020, 08:18:06 am »
Hi all! First of all, I am very grateful to the OPNsense software and the community, which brought me a lot of convenience in my work.
Recently I met a problem; having searched for days, I haven't found the solution.
In 'Services: Intrusion Detection', Suricata rules work well for IPv4 traffic, e.g.
Code:
alert tls any any -> any any (msg:"test google"; tls_sni; content:"google.com"; nocase; priority:1; sid:51000000; rev:1;)
It will drop google.com traffic (IPS mode).
But when it turns to IPv6 network, it doesn't work. (No drop, no log)
Code:
curl -6 -i https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
...
I also created a 'user defined' rule to test, such as blocking Destination IP '2001:4860:4860::8888'; it worked and logged the record, which shows IPv6 traffic has gone through the Intrusion Detection.
Any hint? Thanks very much!