On Mon, 20 Sep 2010 20:03:43 +0200 Yves Goergen <nospam.l...@unclassified.de> wrote:
> I'm currently testing a rather simple fix: I've added the following > line to Botnet.cf to ignore anything from IPv6 (hope it works): Alternately you can do this by rewriting the BOTNET rule as a metarule (see Botnet.variants.txt) and incorporating an IPv6 check into that. I haven't checked, but it may be that not all of the subtests fail under IPv6 and something can be salvaged. Also some of the functionality might be recreated using header rules e.g. BOTNET_NORDNS could supplemented by RDNS_NONE.
