psad icon indicating copy to clipboard operation
psad copied to clipboard
verified publisher icon mrash

Extend auto-blocking to ip6tables

Open mrash opened this issue 10 years ago • 4 comments

psad currently detects malicious traffic delivered via IPv6, but cannot also block such traffic in auto-blocking mode. psad should be extended to use ip6tables to close this gap.

mrash avatar Nov 21 '15 15:11 mrash

I just upgraded my network to ipv6 and noticed that psad wasn't blocking anything. Dug through the code and noticed it only blocks what matches $ipv4_re. Since everything is managed through IPTables::ChainMgr, not sure how hard it would be to add ipv6 support. Not sure when I'd get a chance to look further. Is there any ETA on adding support?

Thanks for the software!

smith153 avatar Jul 01 '17 08:07 smith153

+1

tekand avatar Mar 17 '18 00:03 tekand

Would be nice to have this feature. It is the last point which keeps me from running IPv6 on my system.

Peac avatar May 04 '18 20:05 Peac

Never coded perl before, but I'd like to give this a shot. IPTables::ChainMgr 1.6 does in fact support ipv6. It should be fairly straight forward to at least get a basic functional version of ipv6 auto blocking in place. Gonna see if I can figure it out. Let ya know how it goes.

subridet avatar Aug 27 '18 21:08 subridet