pfSense Forum

pfSense English Support => General Questions => Topic started by: newUser2pfSense on February 06, 2018, 04:37:32 pm

Title: Suricata & IPv6 Alerts
Post by: newUser2pfSense on February 06, 2018, 04:37:32 pm
Iíve installed and configured Suricata with no issues; currently only using it on the WAN.  For blocking, Iím using the Inline IPS Mode; it seems to be working so far.  In System / Advanced / Networking, Iíve unchecked Allow IPv6.

From the Suricata WAN Categories/Rules Iíve enabled, when I look at the Suricata Alerts, I see a lot of IPv6 addresses in the Src and Dst columns.  They seem to stem from entries in the decoder-events.rules:
SURICATA zero length padN option
SURICATA ICMPv6 unknown code
Sport 131 and 132 are used.

Iíve configured both entries for Rule action is drop.

Nevertheless, I thought I disabled IPv6.  I have no devices on my network configured for IPv6.  Any suggestions as to why Iím seeing these IPv6 addresses in the the Src and Dst columns of the Suricata Alerts section?  Thanks.