Does the sniff-tzsp action work in IPv6 firewall?

Kentzo · July 25, 2023, 10:28pm

I get nothing with “/ipv6/firewall/mangle add chain=* action=sniff-tzsp sniff-target= sniff-target-port=37008” in any chain. Does it work for anyone?

herger · July 26, 2023, 7:34am

Hi,

I have this rule in pre- and postrouting chains and its working; receiving a nice TZSP stream filled with IPv6 packets on the other end.

/ipv6 firewall mangle
add action=sniff-tzsp chain=prerouting in-interface=pppoe-out1 sniff-target=<ipv4> \
    sniff-target-port=37008
add action=sniff-tzsp chain=postrouting out-interface=pppoe-out1 sniff-target=<ipv4> \
    sniff-target-port=37008

I’m still running ROS7.7 so i can’t speak for newer versions though.

One thing that quite odd from my point of view is that i can only send to ipv4 addresses and not to ipv6 targets, but that’s true for sniff-tzsp in general. Lets hope Mikrotik fixes that with the general IPv6 overhaul currently ongoing.

Best

herger · July 26, 2023, 7:50am

BTW. while we are on topic, you might find this small little tool quite useful, I have it in my setup to feed suricata with the data of the pppoe link.

Kentzo · July 26, 2023, 8:10am

I’m on 7.9.2 and cannot get it to stream. Same action in /ip/firewall/mangle works just fine.

herger · July 26, 2023, 8:16am

Sounds like you might want to post a support ticket number in this thread soon (-;

Kentzo · July 28, 2023, 7:14am

Appears to work as expected in 7.10.2