Hi! I recently found a bug and want to report it: it is in your fail2ban IPv6 scripts.
I had to manually adjust 2 of your firewall scripts. I also had to update fail2ban action.d/vesta.conf, as the original vesta.conf does not account for IPv6 / does not block IPv6 failures properly.
ip6tables does not recognize icmp-port-unreachable; I had to change it to icmp6-port-unreachable.
Credits webmaster Rob
diff v-update-firewall-ipv6 v-update-firewall-ipv6.bak 156c156 < echo " -j REJECT --reject-with icmp6-port-unreachable" >> $tmp
diff v-add-firewall-ipv6-ban v-add-firewall-ipv6-ban.bak 70c70 < -j REJECT --reject-with icmp6-port-unreachable 2>/dev/null
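Review bot: in the v-update-firewall-ipv6 hunk (156c156) only the `<` side is shown and the edited file is compared against its .bak, so the patch reads reversed. Regenerate it as `diff -u v-update-firewall-ipv6.bak v-update-firewall-ipv6` so the old icmp-port-unreachable line and its replacement both appear, and quote the redirect target on that line as "$tmp".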
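Review bot: in the v-add-firewall-ipv6-ban hunk (70c70) the rule still ends in `2>/dev/null`, which throws away the ip6tables error output, so an unrecognized --reject-with value like the one reported here fails without any message. Suggest checking the command's exit status, or logging stderr instead of discarding it, so a ban that was not installed is visible.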
vesta.conf
Fail2Ban configuration file for vesta ipv6
[Definition]
actionstart = if [[ "" = "inet4" ]]; then /usr/local/vesta/bin/v-add-firewall-chain ; fi;
if [[ "" = "inet6" ]]; then /usr/local/vesta/bin/v-add-firewall-ipv6-chain ; fi;
actionstop = if [[ "" = "inet4" ]]; then /usr/local/vesta/bin/v-delete-firewall-chain ; fi;
if [[ "" = "inet6" ]]; then /usr/local/vesta/bin/v-delete-firewall-ipv6-chain ; fi;
actioncheck = if [[ "" = "inet4" ]]; then iptables -n -L INPUT | grep -q 'fail2ban-[ \t]'; fi;" = "inet6" ]]; then ip6tables -n -L INPUT | grep -q 'fail2ban-[ \t]'; fi;
actionban = if [[ "" = "inet4" ]]; then /usr/local/vesta/bin/v-add-firewall-ban ; fi;
if [[ "" = "inet6" ]]; then /usr/local/vesta/bin/v-add-firewall-ipv6-ban ; fi;
if [[ "
actionunban = if [[ "" = "inet4" ]]; then /usr/local/vesta/bin/v-delete-firewall-ban ; fi;
if [[ "" = "inet6" ]]; then /usr/local/vesta/bin/v-delete-firewall-ipv6-ban ; fi;
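A check for the mismatch reported above, as an added example that is not part of the original post or of Vesta's scripts: it reads script text and flags any `--reject-with` value the given address family's REJECT target does not accept. The function name, the chain name and the address in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Vesta code). Long-form REJECT types from the
# iptables-extensions man page; a subset, newer ip6tables builds accept more.
V4_TYPES="icmp-net-unreachable icmp-host-unreachable icmp-port-unreachable \
icmp-proto-unreachable icmp-net-prohibited icmp-host-prohibited \
icmp-admin-prohibited tcp-reset"
V6_TYPES="icmp6-no-route no-route icmp6-adm-prohibited adm-prohibited \
icmp6-addr-unreachable addr-unreach icmp6-port-unreachable tcp-reset"

# check_reject_types FAMILY   (FAMILY is inet4 or inet6, as in the action file)
# Reads script text on stdin, prints "LINE:TYPE" for every --reject-with value
# that is not valid for FAMILY, and returns 1 if it printed anything.
check_reject_types() (
    case $1 in
        inet4) valid=$V4_TYPES ;;
        inet6) valid=$V6_TYPES ;;
        *) echo "unknown family: $1" >&2; exit 2 ;;
    esac
    n=0 rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in *--reject-with*) ;; *) continue ;; esac
        t=${line#*--reject-with}     # text after the option name
        t=${t#"${t%%[! ]*}"}         # drop the spaces before the value
        t=${t%%[!a-z0-9-]*}          # cut at the first non-type character
        case " $valid " in
            *" $t "*) ;;                      # accepted by this family
            *) echo "$n:$t"; rc=1 ;;          # would be rejected at load time
        esac
    done
    exit "$rc"
)

# Constructed samples modelled on the rule fragment in the report:
# the ip6tables rule before and after the fix.
SAMPLE_BEFORE='ip6tables -A fail2ban-SSH -s 2001:db8::1 \
 -j REJECT --reject-with icmp-port-unreachable 2>/dev/null'
SAMPLE_AFTER='ip6tables -A fail2ban-SSH -s 2001:db8::1 \
 -j REJECT --reject-with icmp6-port-unreachable 2>/dev/null'

printf '%s\n' "$SAMPLE_BEFORE" | check_reject_types inet6 ||
    echo "before: invalid REJECT type for ip6tables"
printf '%s\n' "$SAMPLE_AFTER" | check_reject_types inet6 &&
    echo "after: all REJECT types valid for ip6tables"
```

Run it over each IPv6 firewall script with `check_reject_types inet6 < script` before deploying, since the rule itself hides the ip6tables error with `2>/dev/null`.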