Topics

1

Intrusion Detection and Prevention / NOT Work for IPv6

« on: September 30, 2020, 08:18:06 am »

Hi all! First of all, I am very grateful to the opnsense software and the community, which brought me a lot of convenience in my work.

Recently I met a problem, having searched for days I haven't found the solution.

In 'Services: Intrusion Detection', Suricata rules work well for IPv4 traffic, e.g.

Code: [Select]

alert tls any any -> any any (msg:"test google"; tls_sni; content:"google.com"; nocase; priority:1; sid:51000000; rev:1;)It will drop google.com traffic (IPS mode).

But when it turns to IPv6 network, it doesn't work. (No drop, No log)

Code: [Select]

curl -6 -i https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
...
I also created a 'user defined' rule to test, such as blocking Destination IP '2001:4860:4860::8888', it works and logged the record, which shows IPv6 traffic has gone through the Intrusion Detection.

Any hint? Thanks very much!

2

20.7 Legacy Series / IPS: Some Suricata rules doesn't work for IPv6

« on: September 29, 2020, 09:47:00 am »

Sorry that I didn't notice there is a separate IDS forum.
My problem is Suricata rules work well for IPv4 traffic but not for IPv6.

It has been moved to https://forum.opnsense.org/index.php?topic=19375.0