Feature #494: ipv4 or ipv6 only rules - Suricata - Open Information Security Foundation

Actions

Copy link

Feature #494

closed

ipv4 or ipv6 only rules

Added by Victor Julien over 12 years ago. Updated about 12 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Eric Leblond

Target version:

1.4beta1

Effort:

Difficulty:

Label:

Description

Instead of "alert ip" allow for "alert ipv4" and "alert ip4". Likewise for IPv6.

Interesting question is how this should behave wrt address vars. If HOME_NET contains both ip4 and ip6, how should a rule like "alert ipv4 $HOME_NET..." behave? Error out? Use only the ipv4 part of the addresses?

Files

Download all files

0001-sig-Add-ipv6-and-ipv4-to-list-of-protocols.patch (4.23 KB) 0001-sig-Add-ipv6-and-ipv4-to-list-of-protocols.patch		Eric Leblond, 07/17/2012 02:52 AM
0002-sig-add-l3_proto-keyword.patch (6.87 KB) 0002-sig-add-l3_proto-keyword.patch		Eric Leblond, 07/17/2012 02:52 AM

Related issues 1 (0 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Feature #494

ipv4 or ipv6 only rules

Updated by Eric Leblond over 12 years ago

Updated by Victor Julien over 12 years ago

Updated by Eric Leblond over 12 years ago

Updated by Eric Leblond over 12 years ago

Updated by Eric Leblond over 12 years ago

Updated by Eric Leblond about 12 years ago

Updated by Victor Julien about 12 years ago