CSF is not adding ports to CC_ALLOWPORTS in ip6tables
Posted: 29 Jun 2016, 20:55
Hello,
Recently I enabled IPv6 support in my office, and because of that I decided to also start enabling IPv6 support on my servers.
But after I configured everything, I noticed that connections to ports that are in CC_ALLOW_PORTS_TCP are always going through IPv4 and never through IPv6. So I listed the rules in IP6TABLES and IPTABLES, and I noticed that the chain CC_ALLOWPORTS is empty in IP6TABLES.
Currently the IPTABLES is showing this:
[...]
Chain CC_ALLOWP (1 references)
target prot opt source destination
CC_ALLOWPORTS all -- 5.8.45.0/25 0.0.0.0/0
CC_ALLOWPORTS all -- 5.10.192.0/21 0.0.0.0/0
CC_ALLOWPORTS all -- 15.227.249.0/24 0.0.0.0/0
CC_ALLOWPORTS all -- 17.45.170.112 0.0.0.0/0
CC_ALLOWPORTS all -- 23.97.96.0/19 0.0.0.0/0
[...]
Chain CC_ALLOWPORTS (2483 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:21
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2083
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2096
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:2078
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:3306
Chain DENYIN (1 references)
target prot opt source destination
REJECT all -- 93.93.69.141 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT tcp -- 181.222.118.86 0.0.0.0/0 tcp dpt:25 reject-with icmp-port-unreachable
REJECT tcp -- 181.222.118.86 0.0.0.0/0 tcp dpt:465 reject-with icmp-port-unreachable
[...]
While the IP6TABLES is showing this:
Chain CC_ALLOWP (1 references)
target prot opt source destination
CC_ALLOWPORTS all 2001:1280::/32 ::/0
CC_ALLOWPORTS all 2001:1284::/32 ::/0
CC_ALLOWPORTS all 2001:1288::/32 ::/0
CC_ALLOWPORTS all 2001:128c::/32 ::/0
CC_ALLOWPORTS all 2001:1290::/31 ::/0
[...]
Chain CC_ALLOWPORTS (3470 references)
target prot opt source destination
Chain DENYIN (1 references)
target prot opt source destination
[...]
I think that's because of a missing/buggy implementation of CC_ALLOW_PORTS_TCP for IPv6, and only the IPv6 list is being loaded and not the ports.
Please, can you verify it?
Thanks
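One way to check a listing for the symptom described in the post, a chain that other rules jump to but that holds no rules of its own, as an added example that is not part of the original post or of CSF. The function names and the sample listing are constructed for illustration; on a live host the input would come from `ip6tables -L -n`.

```shell
#!/bin/sh
# Added example: report chains that are referenced by other rules but empty.
# Reads `iptables -L -n` / `ip6tables -L -n` style output on stdin and prints
# "<chain> <reference count>" for each match.
empty_referenced_chains() {
    awk '
        function report() {
            if (chain != "" && refs > 0 && rules == 0) print chain, refs
        }
        /^Chain / {
            report()
            chain = $2; rules = 0; refs = 0
            # User-defined chains show "(N references)", built-ins "(policy X)".
            if ($4 == "references)") refs = substr($3, 2) + 0
            next
        }
        /^target[ \t]/ || /^[ \t]*$/ { next }  # column header or blank separator
        chain != "" { rules++ }                # anything else is a rule line
        END { report() }
    '
}

# Constructed sample shaped like the IPv6 listing in the post: the country
# ranges jump to CC_ALLOWPORTS, but CC_ALLOWPORTS itself has no ACCEPT rules.
sample_listing() {
    cat <<'EOF'
Chain CC_ALLOWP (1 references)
target     prot opt source               destination
CC_ALLOWPORTS  all      2001:1280::/32       ::/0
CC_ALLOWPORTS  all      2001:1284::/32       ::/0

Chain CC_ALLOWPORTS (2 references)
target     prot opt source               destination

Chain DENYIN (1 references)
target     prot opt source               destination
REJECT     all      2001:db8::1          ::/0    reject-with icmp6-port-unreachable
EOF
}

# Live use: ip6tables -L -n | empty_referenced_chains
sample_listing | empty_referenced_chains
```

A chain such as DENYIN can legitimately be empty, so a hit is a prompt to compare against the IPv4 listing rather than proof of a fault.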