CSF is not adding ports to CC_ALLOWPORTS in ip6tables

yuriccp
Junior Member
Posts: 2
Joined: 29 Jun 2016, 20:19

CSF is not adding ports to CC_ALLOWPORTS in ip6tables

Post by yuriccp »

Hello,

Recently I enabled IPv6 support in my office, and because of that I decided to start enabling IPv6 support on my servers too.

But after I configured everything I noticed that connections to ports that are in CC_ALLOW_PORTS_TCP are always going through IPv4 and never through IPv6. So I listed the rules in IP6TABLES and IPTABLES and noticed that the chain CC_ALLOWPORTS is empty in IP6TABLES.

Currently the IPTABLES is showing this:

Code:

[...]
Chain CC_ALLOWP (1 references)
target     prot opt source               destination         
CC_ALLOWPORTS  all  --  5.8.45.0/25          0.0.0.0/0           
CC_ALLOWPORTS  all  --  5.10.192.0/21        0.0.0.0/0           
CC_ALLOWPORTS  all  --  15.227.249.0/24      0.0.0.0/0           
CC_ALLOWPORTS  all  --  17.45.170.112        0.0.0.0/0           
CC_ALLOWPORTS  all  --  23.97.96.0/19        0.0.0.0/0
[...]

Chain CC_ALLOWPORTS (2483 references)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2083
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2096
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2078
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306

Chain DENYIN (1 references)
target     prot opt source               destination         
REJECT     all  --  93.93.69.141         0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     tcp  --  181.222.118.86       0.0.0.0/0            tcp dpt:25 reject-with icmp-port-unreachable
REJECT     tcp  --  181.222.118.86       0.0.0.0/0            tcp dpt:465 reject-with icmp-port-unreachable
[...]

While the IP6TABLES is showing this:

Code:

Chain CC_ALLOWP (1 references)
target     prot opt source               destination         
CC_ALLOWPORTS  all      2001:1280::/32       ::/0                
CC_ALLOWPORTS  all      2001:1284::/32       ::/0                
CC_ALLOWPORTS  all      2001:1288::/32       ::/0                
CC_ALLOWPORTS  all      2001:128c::/32       ::/0                
CC_ALLOWPORTS  all      2001:1290::/31       ::/0
[...]
Chain CC_ALLOWPORTS (3470 references)
target     prot opt source               destination         

Chain DENYIN (1 references)
target     prot opt source               destination
[...]

I think that's because the implementation of CC_ALLOW_PORTS_TCP for IPv6 is missing or buggy, and only the IPv6 list is being loaded and not the ports.

Please, can you verify it?

Thanks
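
The comparison described in this post, as an added example that is not part of the original thread or csf's own code: it parses `iptables -L -n` and `ip6tables -L -n` text and reports ports that a chain accepts from any address over IPv4 but not over IPv6. The listings are constructed samples using documentation addresses, and the function names are hypothetical.

```python
import re

# Constructed listings, modelled on the `iptables -L -n` / `ip6tables -L -n` output in the post.
V4 = """\
Chain CC_ALLOWP (1 references)
target     prot opt source               destination
CC_ALLOWPORTS  all  --  192.0.2.0/25         0.0.0.0/0

Chain CC_ALLOWPORTS (2483 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:21
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:3306

Chain DENYIN (1 references)
target     prot opt source               destination
REJECT     tcp  --  198.51.100.86        0.0.0.0/0            tcp dpt:25 reject-with icmp-port-unreachable
"""
V6 = """\
Chain CC_ALLOWP (1 references)
target     prot opt source               destination
CC_ALLOWPORTS  all      2001:db8::/32        ::/0

Chain CC_ALLOWPORTS (3470 references)
target     prot opt source               destination

Chain DENYIN (1 references)
target     prot opt source               destination
"""
ANY = {"0.0.0.0/0", "::/0"}

def open_ports(listing):
    """Map chain -> {(proto, port)} for ACCEPT rules that match any source and destination."""
    chains, current = {}, None
    for line in listing.splitlines():
        f = line.split()
        if line.startswith("Chain ") and len(f) > 1:
            current = chains.setdefault(f[1], set())
        elif current is not None and len(f) >= 4 and f[0] == "ACCEPT":
            rest = f[3:] if f[2] == "--" else f[2:]   # ip6tables may leave the opt column blank
            port = re.search(r"\bdpt:(\d+)", line)
            if len(rest) >= 2 and rest[0] in ANY and rest[1] in ANY and port:
                current.add((f[1], int(port.group(1))))
    return chains

def missing_in_v6(v4_listing, v6_listing):
    """Ports a chain accepts from anywhere over IPv4 but not over IPv6."""
    v4, v6 = open_ports(v4_listing), open_ports(v6_listing)
    gaps = {c: sorted(p - v6.get(c, set())) for c, p in v4.items()}
    return {c: g for c, g in gaps.items() if g}

if __name__ == "__main__":
    for chain, ports in missing_in_v6(V4, V6).items():
        print(chain, "IPv4-only ports:", ports)
```

Chains such as DENYIN that hold per-address rules are not flagged, because only rules matching any source and destination are compared.
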
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF is not adding ports to CC_ALLOWPORTS in ip6tables

Post by ForumAdmin »

Thank you for reporting this, we will have a fix for it in the next csf release.
ForumAdmin
Moderator
Posts: 1523
Joined: 01 Oct 2008, 09:24

Re: CSF is not adding ports to CC_ALLOWPORTS in ip6tables

Post by ForumAdmin »

This should now be fixed in v9.07:
http://blog.configserver.com/