[Snort-users] Snort 2.9 for IPv6

oleg gv oagvozd at gmail.com
Wed Feb 21 09:17:37 EST 2018

I can not see alert on the next rules

alert ip any any --> IPV6_ADDRESS any (...)

alert icmp any any --> IPV6_ADDRESS any (...)

I use ping6 to test it.

Ipv4 test works fine.

Snort is build with --enable-ipv6 and uses ip6tables NFQUEUE.

Other ipv6 tcp/udp alerts also works fine.

Is it possible to detect IPv6 addresses in ip/icmp protocol rules  ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20180221/dd32538e/attachment.html>

More information about the Snort-users mailing list