Snort Crashes with IPv6 DNS Servers



  • Snort crashes with a fatal error if any IPv6 addresses are set as DNS servers in pfSense's General Settings and any of the rule sets are checked off. The address in question is 2620:0:ccc::2

    Aug 10 20:48:53 	snort[43665]: FATAL ERROR: /usr/local/etc/snort/snort_59031_em0/rules/pfsense-voip.rules(1): Unable to parse rule netmask (0:ccc::2)
    Aug 10 20:48:53 	snort[43665]: FATAL ERROR: /usr/local/etc/snort/snort_59031_em0/rules/pfsense-voip.rules(1): Unable to parse rule netmask (0:ccc::2)
    


  • You have to create a custom NETLIST and uncheck "Add WAN DNS servers to the list" then add your IPv4 DNS IPs to it. I believe snort needs to be re-compiled for IPv6 or it's not supported yet…



  • Where do I create a custom NETLIST? I can't seem to find it on any of the snort configuration tabs.



  • Whitelist tab.. Add a new one, select NETLIST for List type… Once that is done, go to the interface setup, under 'Home net' select your list from the drop down



  • Thanks, worked perfectly.



  • You're welcome :-)
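
A triage helper for the failure discussed in this thread, added here as an example (it is not code from the thread, pfSense or Snort): it parses the "Unable to parse rule netmask" lines, links the rejected token to a configured IPv6 DNS server, and lists the IPv4 servers to put in the custom NETLIST. The two IPv4 addresses in the test input and the suffix match between token and address are assumptions made for illustration.

```python
import ipaddress
import re

# Sample input: the two log lines quoted in the first post of the thread.
_LINE = ("Aug 10 20:48:53 \tsnort[43665]: FATAL ERROR: "
         "/usr/local/etc/snort/snort_59031_em0/rules/pfsense-voip.rules(1): "
         "Unable to parse rule netmask (0:ccc::2)\n")
SAMPLE_LOG = _LINE * 2

FATAL_RE = re.compile(
    r"snort\[\d+\]: FATAL ERROR: (?P<file>\S+)\((?P<line>\d+)\): "
    r"Unable to parse rule netmask \((?P<token>[^)]*)\)"
)

def parse_netmask_errors(log_text):
    """Return de-duplicated (rules_file, line_no, token) tuples, in log order."""
    seen, out = set(), []
    for m in FATAL_RE.finditer(log_text):
        key = (m["file"], int(m["line"]), m["token"])
        if key not in seen:
            seen.add(key)
            out.append(key)
    return out

def split_dns_servers(servers):
    """Partition the configured DNS servers into (ipv4, ipv6) lists."""
    v4, v6 = [], []
    for s in servers:
        addr = ipaddress.ip_address(s.strip())
        (v4 if addr.version == 4 else v6).append(str(addr))
    return v4, v6

def triage(log_text, dns_servers):
    """Link each rejected token to the IPv6 DNS server it is a fragment of."""
    v4, v6 = split_dns_servers(dns_servers)
    findings = []
    for rules_file, line_no, token in parse_netmask_errors(log_text):
        # Assumption: the logged token is the tail of the offending address,
        # as in the thread (0:ccc::2 is the tail of 2620:0:ccc::2).
        culprits = [a for a in v6 if a.endswith(token)]
        findings.append({"file": rules_file, "line": line_no,
                         "token": token, "ipv6_dns": culprits})
    return {"findings": findings, "netlist_ipv4": v4}
```

Feed `triage()` the system log text and the DNS servers from General Settings; `netlist_ipv4` is the set of addresses to enter in the custom NETLIST.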

