IP Blocks can inadvertently catch ipv6 null-address

[an0nusr]

Prerequisites

• [X] This is NOT a YouTube, Facebook, Twitch or a shortener/hosting site report. These sites MUST be reported by clicking their respective links.
• [X] I read and understand the policy about what is a valid filter issue.
• [X] I verified that this issue is not a duplicate. (Search here to find out.)
• [X] I did not remove any of the default filter lists, or I have verified that the issue was not caused by removing any of the default lists.
• [X] I did not enable additional filter lists, or I have verified that the issue still occurs without enabling additional filter lists.
• [X] I do not have custom filters/rules, or I have verified that the issue still occurs without custom filters/rules.
• [X] I am not using uBlock Origin along with other content blockers.
• [X] I have verified that the web browser's built-in content blocker/tracking protection, network wide/DNS blocking, or my VPN is not causing the issue.
• [X] I have verified that other extensions are not causing the issue.
• [X] If this is about a breakage or detection, I have verified that it is caused by uBlock Origin and isn't a site issue.
• [ ] I did not answer truthfully to ALL the above checkboxes.

URL(s) where the issue occurs.

N/A - this is a problem with ip detection.

Description

I noticed a website that had previously worked suddenly was partially broken, and was hitting the new IP rule:

*$1p,strict3p,ipaddress=::,from=~0.0.0.0|~127.0.0.1|~[::1]|~[::]|~local|~localhost

I realized I had the following line in my dnsmasq config:

server=/domain.tld/#
address=/domain.tld/::

In dnsmasq, if you want to force browsers (or other apps) to use ipv4 for something, a common solution is to set the ipv6 response to :: while giving another instruction to lookup all ipv4 addresses normally. There's a discussion about this here for people who use ipv6 proxies like Hurricane Electric, and want to avoid sending traffic to something like Netflix via the ipv6 proxy.

This works, but it seems to run afoul the new ip address blocks in the built-in uBlock Filters - Privacy list, which then seems to incorrectly flag traffic to the domain as suspect?

I confirmed that removing the custom instructions in dnsmasq resolves the issue, and the site is no longer getting falsely flagged by uBlock.

I'm not sure how this would be resolved, but I think maybe something in the docs would be helpful?

Other extensions used

Ganbo Tab Session Manager Tree Style Tab DownThemAll Violent Monkey

Screenshot(s)

No response

Configuration

Details

```yaml uBlock Origin: 1.60.0 Firefox: 133 filterset (summary): network: 137942 cosmetic: 48933 scriptlet: 21340 html: 2064 listset (total-discarded, last-updated): default: user-filters: 6-1, never ublock-filters: 40864-133, 4h.45m Δ ublock-badware: 11923-6, 4h.45m Δ ublock-privacy: 1394-22, 4h.45m Δ ublock-unbreak: 2558-1, 4h.45m Δ easylist: 76998-191, 4h.45m Δ easyprivacy: 53227-64, 4h.45m Δ urlhaus-1: 21095-0, 4h.45m plowe-0: 3545-999, 12d.1h.11m ublock-quick-fixes: 239-12, 4h.45m Δ filterset (user): [array of 6 redacted] trustedset: added: [array of 7 redacted] userSettings: [none] hiddenSettings: [none] supportStats: allReadyAfter: 752 ms (selfie) maxAssetCacheWait: 195 ms cacheBackend: indexedDB ```

[stephenhawk8054]

@gorhill @gwarser I have temp disabled the ipv6 filter. The articles about 0.0.0.0 exploits do not talk much about ipv6. Is it worth to address?

---

Sorry, looks like transferring to uBlock-issues is not really correct.

[gwarser]

So browsers choose the other IP when one is set to 0? Should uBO not block 0 IP when the other is "valid"? 0 IP will stop working sooner or later https://bugzilla.mozilla.org/show_bug.cgi?id=1915402#c0 https://bugzilla.mozilla.org/show_bug.cgi?id=1915982#c2 https://bugzilla.mozilla.org/show_bug.cgi?id=1889130

[stephenhawk8054]

0 IP will stop working sooner or later

Yeah, I also intended to keep the filters just until Firefox patches it.