We have the issue that some IPv6s were rejected by the filter, because of how the ::ffff:* IPs are defined. The concatenation in ip6FromIp4Blacklist led to entries such as ::ffff:127.0.0.0/8, which meant that all v6 IPs that start with 0x00 would be rejected (which applies to some used in our environment). The ipaddr.js library actually has native support for ::ffff:* and converts them to IPv4 addresses on parsing so the entries from ip6FromIp4Blacklist are actually not used for matching.
I added an additional test case to make sure the filter is correct.
We have the issue that some IPv6s were rejected by the filter, because of how the
::ffff:*
IPs are defined. The concatenation inip6FromIp4Blacklist
led to entries such as::ffff:127.0.0.0/8
, which meant that all v6 IPs that start with 0x00 would be rejected (which applies to some used in our environment). Theipaddr.js
library actually has native support for::ffff:*
and converts them to IPv4 addresses on parsing so the entries fromip6FromIp4Blacklist
are actually not used for matching.I added an additional test case to make sure the filter is correct.