Date: Sat, 14 Nov 2020 10:59:17 -0800
From: John-Mark Gurney <jmg@funkthat.com>
To: "J. Hellenthal" <jhellenthal@dataix.net>
Cc: FreeBSD-security@freebsd.org
Subject: Re: pf/pfctl loading CIDR tables & IPv6
Message-ID: <20201114185917.GN31099@funkthat.com>
In-Reply-To: <F1F41363-4296-4DA0-A4B9-6B9DB600E59A@dataix.net>
References: <20201114183908.GL31099@funkthat.com> <F1F41363-4296-4DA0-A4B9-6B9DB600E59A@dataix.net>

J. Hellenthal wrote this message on Sat, Nov 14, 2020 at 12:49 -0600:
> Well shoot! I don't even think about going down that rabbit hole. Thank you.
>
>> no IP address found for 2001:BB6:6A10:4200:58D7:5934:7

The `no IP address found for` triggered my, it's trying to do a name lookup
thought process, but that'd only happen if it wasn't a valid address..

> Wondering if it be more useful tho to skip past those formatting errors to continue reading the rest of the list instead of just discarding the results and not loading the remainder.

Don't have a strong opinion on this...

> I'll be in touch with ip2location as well
>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
>
>
> On Nov 14, 2020, at 12:39, John-Mark Gurney <jmg@funkthat.com> wrote:
> >
> > J. Hellenthal via freebsd-security wrote this message on Sat, Nov 14, 2020 at 10:58 -0600:
> >> Hoping someone might be able to shed some light on this and get to a conclusion faster than I have time for right now.
> >>
> >>
> >> But while loading a CIDR formatted list with "#" comments from [1] I am getting the following error for multiple entries >10 and results in only the partial list being loaded into the table... The settings to download the file[2] are from the Russian Federation, IPv6 and in CIDR format.
> >>
> >> ... (pfctl -v -t blacklist -T add -f [...]
> >> No ALTQ support in kernel
> >> ALTQ related functions disabled
> >> no IP address found for 2001:BB6:6A10:4200:58D7:5934:7
> >
> > Well, this isn't a valid ipv6 address. There are only 7 segments,
> > whereas an ipv6 address needs 8. There is not a :: to fill out the
> > missing segment.

--
John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20201114185917.GN31099>
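
The failure discussed in this thread, as an added example (not written by either poster and not part of pf or pfctl): a pre-filter that checks every entry of a "#"-commented CIDR list with Python's `ipaddress` module before the list is handed to pfctl, so malformed entries are reported by line number instead of cutting the load short. The sample list is constructed (documentation prefixes plus the entry quoted in the error), and `split_entries` is a name chosen here.

```python
import ipaddress

# Constructed sample in the style described in the thread: CIDR entries with
# "#" comments. The 2001:BB6:... line is the entry quoted in the pfctl error.
SAMPLE_LIST = """\
# constructed sample, not the real downloaded list
2001:db8:1000::/36
2001:BB6:6A10:4200:58D7:5934:7
2001:db8:abcd:12::/64   # trailing comment
2001:db8::1/129
192.0.2.0/24
"""


def split_entries(text):
    """Return (valid, rejected); rejected holds (line_no, entry, reason)."""
    valid, rejected = [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop full-line and trailing comments
        if not entry:
            continue
        try:
            # strict=False tolerates host bits set in a prefix (e.g. ::1/64)
            # and masks them off; a malformed address still raises ValueError.
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            rejected.append((line_no, entry, str(exc)))
            continue
        valid.append(str(net))  # normalised address/prefix form
    return valid, rejected


if __name__ == "__main__":
    import sys

    # With a file argument, filter that file; otherwise use the sample above.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LIST
    valid, rejected = split_entries(text)
    for line_no, entry, reason in rejected:
        print(f"line {line_no}: rejected {entry!r}: {reason}", file=sys.stderr)
    print("\n".join(valid))
```

Standard output holds only the entries that parsed, so it can be saved to a file and loaded with the same `pfctl -t blacklist -T add -f` form used in the thread, while the rejected lines on standard error are what to report back to the list provider.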