Snort Crashes with IPv6 DNS Servers
-
Snort crashes with a fatal error if any IPv6 addresses are set as DNS servers in pfSense's General Settings and any of the rule sets are checked off. The address in question is 2620:0:ccc::2.
Aug 10 20:48:53 snort[43665]: FATAL ERROR: /usr/local/etc/snort/snort_59031_em0/rules/pfsense-voip.rules(1): Unable to parse rule netmask (0:ccc::2)
Aug 10 20:48:53 snort[43665]: FATAL ERROR: /usr/local/etc/snort/snort_59031_em0/rules/pfsense-voip.rules(1): Unable to parse rule netmask (0:ccc::2)
-
You have to create a custom NETLIST and uncheck "Add WAN DNS servers to the list", then add your IPv4 DNS IPs to it. I believe snort needs to be re-compiled for IPv6 or it's not supported yet…
-
Where do I create a custom NETLIST? I can't seem to find it on any of the snort configuration tabs.
-
Whitelist tab. Add a new one, select NETLIST for List type… Once that is done, go to the interface setup, and under 'Home net' select your list from the drop-down.
-
Thanks, worked perfectly.
-
You're welcome :-)