CSF blocking own short IPv6 address on Centos 8

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
marcele
Junior Member
Posts: 185
Joined: 17 Sep 2007, 17:02

CSF blocking own short IPv6 address on Centos 8

Post by marcele »

After enabling CT_LIMIT on a Centos 8 server I started getting these alerts:

Code: Select all

Time:        Tue Aug 25 20:00:54 2020 -0600
IP:          ::ffff:d88a:c0e6 (Unknown)
Connections: 504
Blocked:     Temporary Block for 1800 seconds [CT_LIMIT]
 
Connections:
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:51064 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:49206 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:50700 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:51124 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
tcp6: 0:0:0:0:0:ffff:d88a:c0e6:50722 -> 0:0:0:0:0:ffff:d88a:c0e6:7081 (TIME_WAIT)
::ffff:d88a:c0e6 is the short form IPv6 address of the servers own IPv4 IP address (216.138.192.230). CSF shouldn't block the servers own IP addresses. Also adding ::ffff:d88a:c0e6 to csf.ignore didn't seem to stop the alerts so I disabled the CT_LIMIT for now.
 
ForumAdmin
Moderator
Posts: 1478
Joined: 01 Oct 2008, 09:24

Re: CSF blocking own short IPv6 address on Centos 8

Post by ForumAdmin »

This should be fixed in v14.05 which we have just released.
marcele
Junior Member
Posts: 185
Joined: 17 Sep 2007, 17:02

Re: CSF blocking own short IPv6 address on Centos 8

Post by marcele »

Thanks chirpy!
Post Reply