
IPV6 Class block trigger

Posted: 04 Aug 2012, 12:29
by cybermonk
I have
LF_NETBLOCK_CLASS = C

It works perfectly for IPv4, but with IPv6 now being used more and more I've found this happening :-

: Network class C has been blocked
IP addresses that triggered the block
Sat Aug 4 00:46:03 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 00:46:23 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 02:56:36 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Sat Aug 4 02:57:06 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Sat Aug 4 11:20:06 2012 2a00:14f0:e000:74::2

I didn't think IPv6 had a sense of the legacy network classes. I'm also not sure how these are interpreted as a class C.

I know why these got blocked in the first place.
The first ones are attempts by the server to yum update using IPv6, and the kernel is pre-v2.6.20 (conn tracking; see post -csf blocking some whois queries-)

The last one was a mistake on my part.

But would it not make more sense to give the NETBLOCK facility a LF_NETBLOCK_IPV6_SUBNET value?
Then we could set :-

LF_NETBLOCK_IPV6_SUBNET = 64

thereby blocking a /64 if the number of hits satisfies that.

Cheers,
Jim :)
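
Added example, not part of the original post and not csf code: a Python sketch of the per-prefix grouping that the LF_NETBLOCK_IPV6_SUBNET = 64 setting proposed above would imply, run over the addresses from the report. The function names, the rule of counting distinct source addresses, and the threshold of 2 are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Addresses copied from the block report in the post above.
REPORTED = [
    "2a01:00c0:0002:0004:0216:3eff:fe0d:266d",
    "2a02:2498:0001:003d:5054:00ff:fed3:e91a",
    "2a01:00c0:0002:0004:0216:3eff:fe0d:266d",
    "2a02:2498:0001:003d:5054:00ff:fed3:e91a",
    "2a00:14f0:e000:74::2",
]

# Constructed sample (documentation ranges): two sources share one /64.
CONSTRUCTED = [
    "2001:db8:0:1::10",
    "2001:db8:0:1::20",
    "2001:db8:0:2::10",
    "192.0.2.7",
]


def group_by_prefix(addresses, prefix_len=64):
    """Map each IPv6 network of prefix_len to the distinct sources inside it."""
    groups = defaultdict(set)
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if addr.version != 6:
            continue  # IPv4 is left to the existing class-based setting
        # strict=False masks off the host bits instead of raising an error
        net = ipaddress.IPv6Network(f"{addr}/{prefix_len}", strict=False)
        groups[net].add(addr)
    return dict(groups)


def netblocks_to_block(addresses, prefix_len=64, min_sources=2):
    """Return the prefixes holding at least min_sources distinct addresses."""
    groups = group_by_prefix(addresses, prefix_len)
    return sorted(net for net, srcs in groups.items() if len(srcs) >= min_sources)


if __name__ == "__main__":
    for net, srcs in group_by_prefix(REPORTED).items():
        print(net, len(srcs))
    print("block:", netblocks_to_block(CONSTRUCTED))
```

Grouped this way, the five reported entries fall into three separate /64 networks with one distinct source each, so a per-/64 rule with this threshold would not have combined them into a single block.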

Re: IPV6 Class block trigger

Posted: 04 Aug 2012, 16:28
by ForumAdmin
This is a bug as LF_NETBLOCK should be ignoring IPv6 addresses as stated in csf.conf. We'll fix the issue in the next release.

Re: IPV6 Class block trigger

Posted: 04 Aug 2012, 17:12
by cybermonk
Thanks for the quick response.
Cheers
Jim :-)

Re: IPV6 Class block trigger

Posted: 06 Sep 2012, 10:45
by cybermonk
An update. I just got a :-
Network class C has been blocked
Time: Thu Sep 6 00:47:03 2012 +0100
Block:
Hits: 5

IP addresses that triggered the block
Wed Sep 5 02:56:38 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Wed Sep 5 02:57:03 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Thu Sep 6 00:45:57 2012 2a01:00c0:0002:0004:0216:3eff:fe0d:266d
Thu Sep 6 00:46:22 2012 2a02:2498:0001:003d:5054:00ff:fed3:e91a
Thu Sep 6 00:47:03 2012 2a01:00c0:0002:003d:0000:0000:0000:0002

running ConfigServer Security & Firewall - csf v5.60

I noticed in the changelog for 5.60 that :-

Fix LF_NETBLOCK to skip IPv6 addresses

was there. Any chance there is another source of this trigger that hasn't been told to ignore IPv6?
Cheers,
Jim :-)

Re: IPV6 Class block trigger

Posted: 21 Sep 2012, 09:46
by ForumAdmin
This should now be resolved in v2.61:
http://blog.configserver.com/index.php?itemid=672