banIP support thread


#62

Although this Serverfault question is about IPv6 in from-torange/P2P-style format, it does seem that IPSet supports adding IP's for IPv4 in the from-torange/P2P-style format nowadays.


#63

Ok, so I've been running banip with a HE.net 6in4 tunnel (@hisham2630 I looked again, and HE now has a local tunnel endpoint with acceptable latency). So far, a summary of bits which have arisen:

  1. Whitelist functionality does not seem to cover IPv6, it seems there is no creation of IPv6 whitelist sets, despite my whitelist having an IPv6 address in it.
  2. IPv6 sets are applied to WAN interfaces having only IPv4 connectivity, i.e. the interfaces are added to the IPv6 banIP list, and vice versa for interfaces having only IPv4 address.

For 2 in the above list, I have tried disabling the "builtin IPv6 functionality" for the interfaces. I have also tried having a separate firewall zone for IPv4 with it restricted to only IPv4, and the same for an IPv6 zone, also limited to only IPv6.

Thank you for all of your hard work on this! Please contact me if I can provide any more troubleshooting info, it might be a bit delayed this time as I am back at work, and rather busy all around. :frowning:


#64

Hi, many many thanks for your testing efforts & your support! :+1:
It would be nice to get a full (debug enabled) banIP runtime log via PM or email to my maintainers address - and take your time ,,, currently my daytime job is very tempting, too. :wink:

Edit: Please provide your whitelist (with IPv6 addresses too, cause I can't reproduce that).


#65

Will do so, my next chance to strip down to a "barebones" config/firmware will likely only be this coming weekend. (One day I'll have the luxury of a spare router for to mess about with, without risking unemployment as a side effect. :stuck_out_tongue: )

I'll send an archive of everything related, and likely some stuff which is not.