From: "J. Hellenthal"
Date: Sat, 14 Nov 2020 10:58:51 -0600
To: freebsd-security@freebsd.org
Subject: pf/pfctl loading CIDR tables & IPv6

Hello List!

Hoping someone might be able to shed some light on this and get to a conclusion faster than I have time for right now.

But while loading a CIDR formatted list with ‘#’ comments from [1] I am getting the following error for multiple entries >10 and results in only the partial list being loaded into the table… The settings to download the file[2] are from the Russian Federation, IPv6 and in CIDR format.

“
(pfctl -v -t blacklist -T add -f […]
No ALTQ support in kernel
ALTQ related functions disabled
no IP address found for 2001:BB6:6A10:4200:58D7:5934:7
pfctl: cannot load Downloads/cidr-3ffe1c0826f41fbdced334355b66202c.txt: Undefined error: 0
"

This happens both on FreeBSD 12-STABLE r367639 and the latest macOS Big Sur

1. https://www.ip2location.com/free/visitor-blocker
2. https://www.dropbox.com/s/8efctv56j6ocrbv/Screen%20Shot%202020-11-14%20at%2010.52.07.png?dl=0

Appreciate any feedback on this and willing to test any patches to resolve this situation.

Thank you

-- 
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
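
Added example, not part of the original post: a pre-load check that parses a '#'-commented CIDR list and reports, by line number, every entry that is not a well-formed address or prefix, so a rejected entry can be compared against the source file before the list is handed to pfctl. The function name check_table_lines and the sample list are constructed for illustration (only the rejected entry is copied from the error output above); it assumes the list holds literal addresses or CIDR prefixes only, so hostnames and '!' negation, which pf table files also allow, would be reported as rejected.

```python
import ipaddress
import sys

# Constructed sample in the style of the list described in the post.
# Only the fourth line is taken from the pfctl error output; the other
# entries are documentation prefixes.
SAMPLE = """\
# constructed sample list
2001:db8::/32
2001:db8:1234::/48   # trailing comment
2001:BB6:6A10:4200:58D7:5934:7
192.0.2.0/24
"""

def check_table_lines(lines):
    """Split a table file into loadable and rejected entries.

    Returns (valid, rejected): valid is a list of normalised network
    strings, rejected is a list of (line_number, entry, reason).
    """
    valid, rejected = [], []
    for lineno, raw in enumerate(lines, start=1):
        # Drop everything after '#', then surrounding whitespace.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue  # blank or comment-only line
        try:
            # strict=False: host bits below the prefix are masked off
            # instead of being treated as an error.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            rejected.append((lineno, entry, str(exc)))
            continue
        valid.append(str(net))
    return valid, rejected

if __name__ == "__main__":
    # With a path argument, check that file; otherwise check the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            valid, rejected = check_table_lines(fh)
    else:
        valid, rejected = check_table_lines(SAMPLE.splitlines())
    for lineno, entry, reason in rejected:
        print(f"line {lineno}: {entry!r}: {reason}", file=sys.stderr)
    print("\n".join(valid))  # cleaned list on stdout
    sys.exit(1 if rejected else 0)
```

The entry from the error message has seven groups and no '::', so it is rejected here as well; the reported line number shows whether the downloaded file already contains it in that form.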