Page 1 of 1

Duble colon at start or end of IPV6

Posted: 08 Jun 2016, 01:39
by MihanIT
Hello,

There is a problem in removing IPV6 with double colon at the start or end of IPV6 from csf.deny or csf.allow

Line 1339 and 1424 of csf.pl, it seems \b is not compatible with some IPV6 in the perl regular expression.

Regards




#### Tested on CentOS 7 - Perl v5.16.3

[root@server2:~] $ csf -c
csf is already at the latest version: v8.26

[root@server2:~] $ csf -d 2001:41d0:1000:f6a1::
Adding 2001:41d0:1000:f6a1:: to csf.deny and iptables DROP...
csf: IPSET adding [2001:41d0:1000:f6a1::] to set [chain_6_DENY]

[root@server2:~] $ csf -dr 2001:41d0:1000:f6a1::
csf: 2001:41d0:1000:f6a1:: not found in csf.deny

[root@server2:~] $ csf -a 2001:41d0:1000:f6a2::
Adding 2001:41d0:1000:f6a2:: to csf.allow and iptables ACCEPT...
csf: IPSET adding [2001:41d0:1000:f6a2::] to set [chain_6_ALLOW]

[root@server2:~] $ csf -ar 2001:41d0:1000:f6a2::
csf: 2001:41d0:1000:f6a2:: not found in csf.allow

[root@server2:~] $ csf -d ::ffff
Adding ::ffff to csf.deny and iptables DROP...
csf: IPSET adding [::ffff] to set [chain_6_DENY]

[root@server2:~] $ csf -dr ::ffff
csf: ::ffff not found in csf.deny

Re: Duble colon at start or end of IPV6

Posted: 08 Jun 2016, 08:40
by ForumAdmin
Thank you for reporting this. We will look into a fix in the next release.