Frzk/Ellis

IPv6 support

Closed this issue · 2 comments

Frzk commented

Rìg must support IPv6.

  • iptables supports IPv6.
  • ipset supports IPv6.
  • add an <IPV6> tag in ellis/filter.py.
  • add an <IP> tag in ellis/filter.py (this tag catches both IPv4 and IPv6).
  • support both IPv4 and IPv6 in ellis_actions/ipset.py.
  • write documentation:
    • need a specific ipset (ipset create ellis_blacklist6 hash:ip family inet6 timeout 86400 counters).
    • need a specific rule for ip6tables.

Frzk commented

Support is here since c82649f

It's kinda basic but should be OK for now.

The strategy is as follows: rather than using an IPv6 address regex (which seems really complex), we use a voluntarily loose regex to catch both IPv4 and IPv6. We then check the validity of the caught IP address thanks to Python.

This check is done in ellis_actions/ipset.py but it might be useful in the future to put it somewhere else.

To ban clients, we have to use a specific ipset for IPv4 and another one for IPv6 (this limitation is due to ipset). The names of these two ipsets are hardcoded (ellis_blacklist4 and ellis_blacklist6).

I still have to write the doc (how to create the ipsets, how to modify the iptables rulesets, ...).
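
Added example, not code from Ellis or from the commit referenced above: a sketch of the loose-regex-then-validate strategy from the second comment, using Python's standard `ipaddress` module. The log pattern, function names and sample lines are assumptions; the two ipset names are the ones given in the comment. It goes one step further than the comment by routing IPv4-mapped IPv6 addresses to the IPv4 set.

```python
import ipaddress
import re

# Deliberately loose: any run of hex digits, colons and dots (45 = longest textual IPv6).
LOOSE_IP = r"(?P<ip>[0-9A-Fa-f:.]{2,45})"
# Hypothetical filter for an sshd-style line; not taken from ellis/filter.py.
FILTER = re.compile(r"Failed password for .* from " + LOOSE_IP + r" port \d+")

SETS = {4: "ellis_blacklist4", 6: "ellis_blacklist6"}  # names from the comment above


def classify(candidate):
    """Return (ipset name, canonical address), or None if candidate is not an IP."""
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:
        return None
    # Dual-stack listeners log IPv4 clients as ::ffff:a.b.c.d, but the packets
    # are IPv4, so the ban has to land in the inet set to have any effect.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return SETS[addr.version], str(addr)


def ban_command(log_line):
    """Build the ipset argv for a matching log line, or None if nothing to ban."""
    match = FILTER.search(log_line)
    if match is None:
        return None
    result = classify(match.group("ip"))
    if result is None:
        return None
    set_name, address = result
    # An argv list, never a shell string: the captured text originates in a log
    # that remote clients can influence, and only the validated form is used.
    return ["ipset", "add", set_name, address]


# Constructed sample lines (documentation address ranges), not real logs.
SAMPLE = [
    "Failed password for root from 203.0.113.7 port 4022 ssh2",
    "Failed password for admin from 2001:DB8:0:0::1 port 51234 ssh2",
    "Failed password for git from ::ffff:198.51.100.9 port 2200 ssh2",
    "Failed password for bob from 999.1.1.1 port 22 ssh2",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(ban_command(line))
```

Using the canonical string returned by `ipaddress` (lowercase, compressed) rather than the raw capture also keeps one address from being written to the set under several spellings.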