Extend auto-blocking to ip6tables

Question

Extend auto-blocking to ip6tables

mrash opened this issue 9 years ago · 4 comments

psad currently detects malicious traffic delivered via IPv6, but cannot also block such traffic in auto-blocking mode. psad should be extended to use ip6tables to close this gap.

tekand commented 7 years ago

+1

Answer 1 · 2017-07-01T08:45:08.000Z

I just upgraded my network to ipv6 and noticed that psad wasn't blocking anything. Dug through the code and noticed it only blocks what matches $ipv4_re. Since everything is managed through IPTables::ChainMgr, not sure how hard it would be to add ipv6 support. Not sure when I'd get a chance to look further. Is there any ETA on adding support?

Thanks for the software!

Answer 2 · 2018-05-04T20:28:04.000Z

Would be nice to have this feature. It is the last point which keeps me from running IPv6 on my system.

Answer 3 · 2018-08-27T21:17:05.000Z

Never coded perl before, but I'd like to give this a shot. IPTables::ChainMgr 1.6 does in fact support ipv6. It should be fairly straight forward to at least get a basic functional version of ipv6 auto blocking in place. Gonna see if I can figure it out. Let ya know how it goes.