Author Topic: IPv6 bogons didn't update table when IPv6 enabled  (Read 2379 times)

virgiliomi
IPv6 bogons didn't update table when IPv6 enabled
« on: April 01, 2016, 04:02:02 pm »
The following log entries regarding bogons update appeared... the one about IPv6, however, is incorrect.

Code:
Apr 1 03:01:00 root rc.update_bogons.sh is starting up.
Apr 1 03:01:00 root rc.update_bogons.sh is sleeping for 35853
Apr 1 12:58:33 root rc.update_bogons.sh is beginning the update cycle.
Apr 1 12:58:34 root Bogons V4 file downloaded: 3759 addresses added.
Apr 1 12:58:34 root Bogons V6 file downloaded but not updating IPv6 bogons table because IPv6 Allow is off
Apr 1 12:58:34 root rc.update_bogons.sh is ending the update cycle.

IPv6 Allow is on, and always has been. I have and use IPv6 on a daily basis, and all of my interfaces are configured, and it's working great too. Someone might want to check this script to make sure it's checking the right setting for IPv6 Allow...

cmb (Chris Buechler)
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #1 on: April 01, 2016, 07:02:44 pm »
That can be a misleading message as it just means your bogonsv6 table is empty. What do you get for:
Code:
pfctl -sTables | grep ^bogonsv6$ | wc -l | awk '{ print $1 }'
It still puts the file into place and it'll be applied on next filter reload in that instance, but sounds like there's something not right there.

virgiliomi
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #2 on: April 01, 2016, 07:06:00 pm »
Code:
[2.3-RC][root@gw.home]/root: pfctl -sTables | grep ^bogonsv6$ | wc -l | awk '{ print $1 }'
0
[2.3-RC][root@gw.home]/root:

cmb
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #3 on: April 01, 2016, 07:09:01 pm »
What does your /etc/bogonsv6 file contain? Is bogonsv6 mentioned in /tmp/rules.debug?

virgiliomi
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #4 on: April 01, 2016, 07:17:11 pm »
/etc/bogonsv6 contains plenty... it extends well beyond the scrollback buffer of my SSH client.

Nothing referencing bogonsv6 in /tmp/rules.debug, but there is a line referencing /etc/bogons... that's all though.

cmb
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #5 on: April 01, 2016, 07:30:25 pm »
Do you actually have block bogons enabled on any interface? It's only added to rules.debug where block bogons is enabled on an enabled interface.

virgiliomi
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #6 on: April 01, 2016, 07:49:43 pm »
Well, ya got me there... I don't have Block Bogons enabled on any interface... but given that... Why is the IPv4 file being loaded into the table if Block Bogons isn't enabled?

With my settings set the way they are, I would expect the Bogons table to either be empty, or have both IPv4 and v6 data in it. It shouldn't have one but not the other. All or nothing is how it should be since I have IPv6 allowed.

cmb
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #7 on: April 06, 2016, 12:57:47 pm »
Originally the IPv6 bogons table was always loaded just like the v4 one is, but the v6 one is huge and was hitting people's table limits on systems with limited RAM (256 MB usually). So it was changed to only be loaded where it's necessary. The v4 one wasn't changed for that because it's trivially small.

I clarified the log it spits out in that case.

virgiliomi
Re: IPv6 bogons didn't update table when IPv6 enabled
« Reply #8 on: April 06, 2016, 03:04:37 pm »
I can understand that the IPv6 list would be massive... in that case, it's understandable that it's not included unless necessary. :)

The log message was just confusing... and then the fact that IPv4 was present but IPv6 wasn't just added to it.

Thanks! :)
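
The three checks walked through in this thread (is the bogonsv6 table loaded, is /etc/bogonsv6 populated, does /tmp/rules.debug reference it), combined into one function as an added example that is not part of the original posts or of pfSense's own scripts. The state labels it prints and the sample data in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pfSense code): classify the bogonsv6 state from the
# three checks in the thread. The table list is read from stdin, so on a
# firewall it would be run as:  pfctl -sTables | bogonsv6_state
# The state names printed below are labels invented for this example.

bogonsv6_state() {
    bogons_file="${1:-/etc/bogonsv6}"    # list file named in Reply #3
    rules_file="${2:-/tmp/rules.debug}"  # generated ruleset named in Reply #3
    tables="$(cat)"                      # output of: pfctl -sTables

    # Reply #1: is a table named exactly "bogonsv6" loaded in pf?
    if printf '%s\n' "$tables" | grep -q '^bogonsv6$'; then
        echo "loaded"
        return 0
    fi
    # Reply #3: was the list downloaded at all? (-s: exists and is non-empty)
    if [ ! -s "$bogons_file" ]; then
        echo "list-missing"
        return 0
    fi
    # Reply #5: the table only appears in the ruleset when block bogons
    # is enabled on an enabled interface.
    if grep -q 'bogonsv6' "$rules_file" 2>/dev/null; then
        echo "awaiting-filter-reload"   # referenced but not loaded yet
    else
        echo "not-referenced"           # expected when block bogons is off
    fi
}

# Constructed sample data so the function can be run off-box.
demo() {
    dir="$(mktemp -d)"
    printf '2001:db8::/32\n' > "$dir/bogonsv6"   # constructed list entry
    # Constructed ruleset line: only the IPv4 bogons file is referenced.
    printf 'table <bogons> persist file "/etc/bogons"\n' > "$dir/rules.debug"
    # Same situation as the original poster: v4 table only, v6 list on disk.
    printf 'bogons\n' | bogonsv6_state "$dir/bogonsv6" "$dir/rules.debug"
    rm -rf "$dir"
}
demo
```

With the original poster's situation as input, the function reports not-referenced, which matches the explanation in Reply #5 and Reply #7 rather than an IPv6 Allow problem.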