Topics - abysscong

#1
Intrusion Detection and Prevention / NOT Work for IPv6
September 30, 2020, 08:18:06 AM
Hi all! First of all, I am very grateful for the OPNsense software and to the community, which have brought me a lot of convenience in my work.

Recently I ran into a problem; having searched for days, I haven't found the solution.

In 'Services: Intrusion Detection', Suricata rules work well for IPv4 traffic, e.g.
alert tls any any -> any any (msg:"test google"; tls_sni; content:"google.com"; nocase; priority:1; sid:51000000; rev:1;)
It will drop google.com traffic (IPS mode).

But when it comes to an IPv6 network, it doesn't work (no drop, no log).
curl -6 -i https://google.com
HTTP/2 301
location: https://www.google.com/
content-type: text/html; charset=UTF-8
...


I also created a 'user defined' rule to test, such as blocking destination IP '2001:4860:4860::8888'; it works and logs the record, which shows that IPv6 traffic has gone through Intrusion Detection.

Any hint? Thanks very much!
#2
Sorry that I didn't notice there is a separate IDS forum.
My problem is that Suricata rules work well for IPv4 traffic but not for IPv6.

It has been moved to https://forum.opnsense.org/index.php?topic=19375.0 :)