Project

General

Profile

Actions

Feature #494

closed

ipv4 or ipv6 only rules

Added by Victor Julien over 12 years ago. Updated over 12 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Instead of "alert ip" allow for "alert ipv4" and "alert ip4". Likewise for IPv6.

Interesting question is how this should behave wrt address vars. If HOME_NET contains both ip4 and ip6, how should a rule like "alert ipv4 $HOME_NET..." behave? Error out? Use only the ipv4 part of the addresses?


Files


Related issues 1 (0 open1 closed)

Related to Suricata - Feature #506: Update rules analyser after #494 changesClosedEric Leblond07/13/2012Actions
Actions

Also available in: Atom PDF