Subject: Re: pf/pfctl loading CIDR tables & IPv6
From: "J. Hellenthal"
Date: Sat, 14 Nov 2020 11:39:04 -0600
To: freebsd-security@freebsd.org

I should also note here that after modifying the file and removing the offending information there was also another error where the "/" character was being tested and failed for IPv6, but I do not have that error available ATM.

> On Nov 14, 2020, at 10:58, J. Hellenthal wrote:
>
> Hello List!
>
> Hoping someone might be able to shed some light on this and get to a conclusion faster than I have time for right now.
>
> But while loading a CIDR formatted list with '#' comments from [1] I am getting the following error for multiple entries >10 and results in only the partial list being loaded into the table… The settings to download the file[2] are from the Russian Federation, IPv6 and in CIDR format.
>
> “ (pfctl -v -t blacklist -T add -f […]
> No ALTQ support in kernel
> ALTQ related functions disabled
> no IP address found for 2001:BB6:6A10:4200:58D7:5934:7
> pfctl: cannot load Downloads/cidr-3ffe1c0826f41fbdced334355b66202c.txt: Undefined error: 0
> "
>
> This happens both on FreeBSD 12-STABLE r367639 and the latest macOS Big Sur
>
> 1. https://www.ip2location.com/free/visitor-blocker
> 2. https://www.dropbox.com/s/8efctv56j6ocrbv/Screen%20Shot%202020-11-14%20at%2010.52.07.png?dl=0
>
> Appreciate any feedback on this and willing to test any patches to resolve this situation.
>
> Thank you
>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
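A pre-flight check for a table file like the one in the report above, as an added example that is not part of the original message and not pfctl's own parser. It assumes the file holds only CIDR entries and '#' comments (pf tables can also hold hostnames, interface names and '!' negations, which this check would flag) and lists every entry that Python's ipaddress module cannot parse. The sample lines are constructed, apart from the address quoted in the error output.

```python
import ipaddress


def strip_comment(line):
    """Drop everything from '#' to end of line (assumed comment syntax) and trim."""
    return line.split("#", 1)[0].strip()


def check_table_lines(lines):
    """Return (valid_networks, problems) for an iterable of table-file lines.

    problems is a list of (line_number, entry, reason) tuples, so a partial
    load can be traced back to the exact entries that will not parse.
    """
    valid, problems = [], []
    for lineno, raw in enumerate(lines, start=1):
        entry = strip_comment(raw)
        if not entry:
            continue  # blank line or comment-only line
        try:
            # strict=False accepts entries with host bits set (e.g. 2001:db8::1/32)
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            problems.append((lineno, entry, str(exc)))
            continue
        valid.append(net)
    return valid, problems


# Constructed sample; line 5 is the address from the pfctl error message.
SAMPLE = """\
# constructed sample
2001:db8::/32
2001:db8:abcd::/48   # trailing comment
192.0.2.0/24
2001:BB6:6A10:4200:58D7:5934:7
2001:db8::/129
""".splitlines()

if __name__ == "__main__":
    nets, bad = check_table_lines(SAMPLE)
    print(f"{len(nets)} usable entries, {len(bad)} rejected")
    for lineno, entry, reason in bad:
        print(f"line {lineno}: {entry!r}: {reason}")
```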