IPv6 support
Closed this issue · 2 comments
Rìg must support IPv6.
- iptables supports IPv6.
- ipset supports IPv6.
-
add an<IPV6>
tag inellis/filter.py
. - add an
<IP>
tag inellis/filter.py
(this tag catches both IPv4 and IPv6). - support both IPv4 and IPv6 in
ellis_actions/ipset.py
. - write documentation:
- need a specific ipset (
ipset create ellis_blacklist6 hash:ip family inet6 timeout 86400 counters
). - need a specific rule for
ip6tables
.
- need a specific ipset (
Support is here since c82649f
It's kinda basic but should be OK for now.
The strategy is as follow : rather than using an IPv6 address regex (which seems really complex), we use a voluntarily lose regex to catch both IPv4 and IPv6. We then check the validity of the caught IP address thanks to Python.
This check is done in ellis_actions/ipset.py
but it might be useful in the future to put it somewhere else.
To ban clients, we have to use a specific ipset for IPv4 and another one for IPv6 (this limitation is due to ipset). The names of these two ipsets are hardcoded (ellis_blacklist4
and ellis_blacklist6
).
I still have to write the doc (how to create the ipsets, how to modify the iptables rulesets, ...).
Doc is here : https://github.com/Frzk/Ellis/wiki/Banning