torrenteer Posted February 11, 2009 Report Share Posted February 11, 2009 Applying ipv4 ipfilters to 6to4 and Teredo ipv6 addresses would be a good feature.For example, if 213.114.104.123 is banned in ipfilter.dat, all connections from 2002:d572:687b:* and 2001::*:2a8d:9784 should also be disallowed. Link to comment Share on other sites More sharing options...
Firon Posted February 13, 2009 Report Share Posted February 13, 2009 How are the IPs encoded in 6to4 addresses?We already have the logic for detecting ipv4 addresses in Teredo to avoid duplicate connections, so it wouldn't be hard to add it for at least Teredo. Link to comment Share on other sites More sharing options...
torrenteer Posted February 13, 2009 Author Report Share Posted February 13, 2009 How are the IPs encoded in 6to4 addresses?The first group is always 2002.For an IPv4 address of A.B.C.D, the second group is 256*A + B and the third group is 256*C + D.ipv4: 213.114.104.123256*213 + 114 = 54642 = d572 in hexadecimal256*104 + 123 = 26747 = 687b in hexadecimal6to4: 2002:d572:687b:* Link to comment Share on other sites More sharing options...
Switeck Posted March 10, 2009 Report Share Posted March 10, 2009 How do you block an IPv6 range in ipfilter.dat? Link to comment Share on other sites More sharing options...
moogly Posted March 11, 2009 Report Share Posted March 11, 2009 Like IPv4 no? IPv6 subnet with consecutive IPs has the same incrementation so using dash (-) is possible no? Link to comment Share on other sites More sharing options...
Firon Posted March 13, 2009 Report Share Posted March 13, 2009 Nope. Link to comment Share on other sites More sharing options...
NV Posted April 7, 2009 Report Share Posted April 7, 2009 In some cases this would be useful, in other cases it would be very annoying. If this was implemented, I for one would like there to be an option to enable/disable it.Example: Some IPv4 addresses are free traffic for your ISP (peerings your isp has/etc), within that IPv4 space there is a tunnel broker providing free IPv6 connectivity. Et voila, you now have free IPv6 transport to anywhere in the world that is IPv6 enabled, and free IPv4 transit to a select number of hosts (within the IPv4 peering space). One can configure their ipfilter.dat to allow only the IPv4 that is free and block everything else, however one does not want to block any teredo IPv6 address from an IPv6 host whose IPv4 is blocked And yes, this situation exists... Link to comment Share on other sites More sharing options...
Switeck Posted April 22, 2009 Report Share Posted April 22, 2009 Is it on the to-do list to block an IPv6 range using ipfilter.dat? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.