Duble colon at start or end of IPV6
Posted: 08 Jun 2016, 01:39
Hello,
There is a problem in removing IPV6 with double colon at the start or end of IPV6 from csf.deny or csf.allow
Line 1339 and 1424 of csf.pl, it seems \b is not compatible with some IPV6 in the perl regular expression.
Regards
#### Tested on CentOS 7 - Perl v5.16.3
[root@server2:~] $ csf -c
csf is already at the latest version: v8.26
[root@server2:~] $ csf -d 2001:41d0:1000:f6a1::
Adding 2001:41d0:1000:f6a1:: to csf.deny and iptables DROP...
csf: IPSET adding [2001:41d0:1000:f6a1::] to set [chain_6_DENY]
[root@server2:~] $ csf -dr 2001:41d0:1000:f6a1::
csf: 2001:41d0:1000:f6a1:: not found in csf.deny
[root@server2:~] $ csf -a 2001:41d0:1000:f6a2::
Adding 2001:41d0:1000:f6a2:: to csf.allow and iptables ACCEPT...
csf: IPSET adding [2001:41d0:1000:f6a2::] to set [chain_6_ALLOW]
[root@server2:~] $ csf -ar 2001:41d0:1000:f6a2::
csf: 2001:41d0:1000:f6a2:: not found in csf.allow
[root@server2:~] $ csf -d ::ffff
Adding ::ffff to csf.deny and iptables DROP...
csf: IPSET adding [::ffff] to set [chain_6_DENY]
[root@server2:~] $ csf -dr ::ffff
csf: ::ffff not found in csf.deny
There is a problem in removing IPV6 with double colon at the start or end of IPV6 from csf.deny or csf.allow
Line 1339 and 1424 of csf.pl, it seems \b is not compatible with some IPV6 in the perl regular expression.
Regards
#### Tested on CentOS 7 - Perl v5.16.3
[root@server2:~] $ csf -c
csf is already at the latest version: v8.26
[root@server2:~] $ csf -d 2001:41d0:1000:f6a1::
Adding 2001:41d0:1000:f6a1:: to csf.deny and iptables DROP...
csf: IPSET adding [2001:41d0:1000:f6a1::] to set [chain_6_DENY]
[root@server2:~] $ csf -dr 2001:41d0:1000:f6a1::
csf: 2001:41d0:1000:f6a1:: not found in csf.deny
[root@server2:~] $ csf -a 2001:41d0:1000:f6a2::
Adding 2001:41d0:1000:f6a2:: to csf.allow and iptables ACCEPT...
csf: IPSET adding [2001:41d0:1000:f6a2::] to set [chain_6_ALLOW]
[root@server2:~] $ csf -ar 2001:41d0:1000:f6a2::
csf: 2001:41d0:1000:f6a2:: not found in csf.allow
[root@server2:~] $ csf -d ::ffff
Adding ::ffff to csf.deny and iptables DROP...
csf: IPSET adding [::ffff] to set [chain_6_DENY]
[root@server2:~] $ csf -dr ::ffff
csf: ::ffff not found in csf.deny