Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata IPS mode kills IPv6
« previous
next »
Print
Pages: [
1
]
Author
Topic: Suricata IPS mode kills IPv6 (Read 4460 times)
john9527
Newbie
Posts: 22
Karma: 1
Suricata IPS mode kills IPv6
«
on:
April 26, 2018, 09:14:52 am »
I had been running Suricata in IDS mode on the wan interface for several days without problems and things looked reasonable for the rules I had selected, so today I tried to enable IPS mode. This killed my IPv6 connectivity. It looks like IPS mode causes a restart of the wan interface. From the syslog,
Apr 25 19:45:31 kernel: igb0: link state changed to DOWN
Apr 25 19:45:31 opnsense: /usr/local/etc/rc.linkup: DEVD Ethernet detached event for wan
Apr 25 19:45:32 opnsense: /usr/local/etc/rc.newwanipv6: IP renewal is starting on 'igb0'
Apr 25 19:45:32 opnsense: /usr/local/etc/rc.newwanipv6: On (IP address: ) (interface: WAN[wan]) (real interface: igb0).
Apr 25 19:45:32 opnsense: /usr/local/etc/rc.newwanipv6: Failed to detect IP for WAN[wan]
Apr 25 19:45:32 opnsense: /usr/local/etc/rc.linkup: Clearing states to old gateway 68.xxx.xxx.xxx.
Apr 25 19:45:35 kernel: igb0: link state changed to UP
Not a lot of chance of a renew when the link is down. In rc.newwanipv6 it defers the renew if booting. Should similar logic be applied if the interface is down?
«
Last Edit: April 26, 2018, 09:20:48 am by john9527
»
Logged
BeNe
Full Member
Posts: 113
Karma: 13
Use *BSD and feel free!
Re: Suricata IPS mode kills IPv6
«
Reply #1 on:
April 26, 2018, 09:35:51 am »
Yes! There is already a thread open -->
https://forum.opnsense.org/index.php?topic=7666.0
I still had not time to debug and spend some more informations about it.
Logged
john9527
Newbie
Posts: 22
Karma: 1
Re: Suricata IPS mode kills IPv6
«
Reply #2 on:
April 26, 2018, 10:10:02 am »
Thanks for the pointer....my google-foo failed me (I do try and search before starting a new thread).
I'll follow the other thread. Thanks again.
«
Last Edit: April 26, 2018, 10:28:34 am by john9527
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
Suricata IPS mode kills IPv6