Intrusion Detection and Prevention / User defined rules with dynamic IPv6 prefix possible somehow?
« on: November 17, 2023, 07:39:59 pm »
I just found this article: IPS Bypass local traffic from inspection
It made me curious to try Suricata again. You see, I depend on a PPPoE connection from my ISP for WAN and I get a dynamic IPv6 prefix. The PPPoE connection means that I can't use my WAN port in Suricata. Now I'd like to let Suricata bypass any traffic from any local machine to any other local machine in my home LAN. The article linked above explains what to do to make it work for IPv4, which is good. The problem here is the IPv6 part. The article states to create a rule with my prefix. But because my prefix is dynamic, the rule won't work any longer after a reboot or reset of the PPPoE connection. So what options do I have here? Aliases don't work.