IPV6 Class block trigger

cybermonk
Junior Member
Posts: 6
Joined: 05 Feb 2011, 09:57

IPV6 Class block trigger

Post by cybermonk »

I have
LF_NETBLOCK_CLASS = C

It works perfectly for IPv4, but with IPv6 now being used more and more I've found this happening:

Network class C has been blocked
IP addresses that triggered the block
Sat Aug 4 00:46:03 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 00:46:23 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 02:56:36 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 02:57:06 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 11:20:06 2012 2a00:14f0:e000:74::2

I didn't think IPv6 had a sense of the legacy network classes. I'm also not sure how these are interpreted as a class C.

I know why these got blocked in the first place.
The first ones are attempts by the server to yum update over IPv6, and the kernel is pre-v2.6.20 (conn tracking; see the post "csf blocking some whois queries").

The last one was a mistake on my part.

But would it not make more sense to give the NETBLOCK facility an LF_NETBLOCK_IPV6_SUBNET value?
Then we could set:

LF_NETBLOCK_IPV6_SUBNET = 64

thereby blocking a /64 if the number of hits satisfies that.

Cheers,
Jim :)
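The grouping the post asks for, written out as an added example in Python (not csf's own Perl code): IPv4 hits are grouped by the legacy class width that LF_NETBLOCK_CLASS names, while IPv6 hits, which have no classes, are skipped unless an explicit prefix length such as the proposed LF_NETBLOCK_IPV6_SUBNET = 64 is supplied. The class-to-prefix mapping, the function names and the hit threshold parameter are assumptions, and the hit lines are constructed in the shape of the lfd report quoted above with two IPv4 lines added.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the shape of an lfd "IP addresses that triggered the
# block" report (timestamp, then address); the two IPv4 lines are made up.
SAMPLE_HITS = """\
Sat Aug 4 00:46:03 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 00:46:23 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 02:56:36 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 02:57:06 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 11:20:06 2012 2a00:14f0:e000:74::2
Sat Aug 4 11:21:00 2012 192.0.2.10
Sat Aug 4 11:22:00 2012 192.0.2.77
"""

# Assumed mapping of the legacy class letter (LF_NETBLOCK_CLASS) to a prefix.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}

def netblock_for(addr, class_letter="C", ipv6_prefix=None):
    """Return the network a hit is counted under, or None to skip the hit.

    IPv4 is grouped by the legacy class width. IPv6 has no classes, so it is
    grouped only when an explicit prefix length (the proposed
    LF_NETBLOCK_IPV6_SUBNET) is given; with none set it is ignored, which is
    what csf.conf documents for LF_NETBLOCK.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv4Network((ip, CLASS_PREFIX[class_letter]), strict=False)
    if ipv6_prefix is None:
        return None
    return ipaddress.IPv6Network((ip, ipv6_prefix), strict=False)

def count_netblocks(report, class_letter="C", ipv6_prefix=None):
    """Tally hit lines per netblock, returning {network_string: hits}."""
    counts = defaultdict(int)
    for line in report.splitlines():
        if line.strip():  # the address is the last whitespace-separated field
            net = netblock_for(line.split()[-1], class_letter, ipv6_prefix)
            if net is not None:
                counts[str(net)] += 1
    return dict(counts)

def blocks_to_apply(report, threshold, class_letter="C", ipv6_prefix=None):
    """Netblocks whose hit count reaches the (assumed) hit threshold."""
    tally = count_netblocks(report, class_letter, ipv6_prefix)
    return sorted(net for net, hits in tally.items() if hits >= threshold)
```

With no IPv6 prefix configured only the IPv4 /24 is counted; with a /64 configured each IPv6 prefix is tallied separately instead of all being lumped under one "class C".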
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: IPV6 Class block trigger

Post by ForumAdmin »

This is a bug as LF_NETBLOCK should be ignoring IPv6 addresses as stated in csf.conf. We'll fix the issue in the next release.
cybermonk
Junior Member
Posts: 6
Joined: 05 Feb 2011, 09:57

Re: IPV6 Class block trigger

Post by cybermonk »

Thanks for the quick response.
Cheers
Jim :-)
cybermonk
Junior Member
Posts: 6
Joined: 05 Feb 2011, 09:57

Re: IPV6 Class block trigger

Post by cybermonk »

An update. I just got a:
Network class C has been blocked
Time: Thu Sep 6 00:47:03 2012 +0100
Block:
Hits: 5

IP addresses that triggered the block
Wed Sep 5 02:56:38 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Wed Sep 5 02:57:03 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Thu Sep 6 00:45:57 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Thu Sep 6 00:46:22 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Thu Sep 6 00:47:03 2012 2a01:00c0:0002:003d:0000:0000:0000:0002

Running ConfigServer Security & Firewall, csf v5.60.

I noticed in the changelog for 5.60 that:

Fix LF_NETBLOCK to skip IPv6 addresses

was there. Any chance there is another source of this trigger that hasn't been told to ignore IPv6?
Cheers,
Jim :-)
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: IPV6 Class block trigger

Post by ForumAdmin »

This should now be resolved in v2.61:
http://blog.configserver.com/index.php?itemid=672