Hi all! First of all, I am very grateful for the OPNsense software and the community, which have brought me a lot of convenience in my work.
Recently I ran into a problem, and after searching for days I haven't found a solution.
In 'Services: Intrusion Detection', Suricata rules work well for IPv4 traffic, e.g.
alert tls any any -> any any (msg:"test google"; tls_sni; content:"google.com"; nocase; priority:1; sid:51000000; rev:1;)
It will drop google.com traffic (IPS mode).
But on an IPv6 network, it doesn't work (no drop, no log).
curl -6 -i https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
...
I also created a 'user defined' rule as a test, such as blocking destination IP '2001:4860:4860::8888'; it works and logs the record, which shows that IPv6 traffic has gone through Intrusion Detection.
Any hint? Thanks very much!