Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Firewall IP blocking: IPv6 not possible

Scheduled Pinned Locked Moved Support
firewall
9 Posts 4 Posters 543 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • imc67I Offline
    imc67I Offline
    imc67 translator
    wrote on last edited by
    #1

    Hi,

    After reading this thread https://forum.cloudron.io/topic/3154/new-firewall-feature-issues I decided to block the top 8 IP's of countries that are causing the most cyber attacks in the world.

    That worked out fine, currently almost 21k IPv4 ranges are in the firewall.

    Then I also wanted to add the IPv6 ranges, but that gave an error:

    2001:0618:0000:0000:0000:0000:0000:0000/32 is not a valid IP or range

    Is it possible to add the functionality for adding IPv6 ranges as well?

    Kind regards,
    Marcel.

    mehdiM girishG robiR 3 Replies Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    replied to imc67 on last edited by
    #2

    @imc67 I don't think Cloudron even listens on ipv6 actually ...

    1 Reply Last reply
    1
  • girishG Offline
    girishG Offline
    girish Staff
    replied to imc67 on last edited by
    #3

    @imc67 what @mehdi said. Cloudron does not listen on ipv6. All incoming traffic is ipv4 only.

    imc67I 1 Reply Last reply
    0
  • imc67I Offline
    imc67I Offline
    imc67 translator
    replied to girish on last edited by imc67
    #4

    @girish you've said before (I guess in this forum) that IPv6 works when you manually set AAAA records of (sub)domains in your DNS to the IPv6 of your Cloudron. I did that months ago and it works perfect. I can see that i.e. our Wordpress receives traffic from IPv6.

    We need IPv6 (in Wordpress) because of the REST-API used by our iOS app.

    So, yes it works, it's in (almost 2021) strange that Cloudron doesn't support it out of the box but also the firewall doesn't handle it ...

    girishG 1 Reply Last reply
    0
  • girishG Offline
    girishG Offline
    girish Staff
    replied to imc67 on last edited by
    #5

    @imc67 Ah that way. I didn't realize you setup a AAAA record manually. If so, yes, then the incoming traffic can have IPv6. Your comment sounds very similar to mine - https://forum.cloudron.io/post/6096 ha ha. Maybe you can open a feature request for IPv6 support, I am not sure how many people "require" this / are blocked by this. But happy to add it, if it's seen as important (relative to other requests).

    imc67I 2 Replies Last reply
    0
  • imc67I Offline
    imc67I Offline
    imc67 translator
    replied to girish on last edited by
    #6

    @girish 🙂

    1 Reply Last reply
    0
  • imc67I Offline
    imc67I Offline
    imc67 translator
    replied to girish on last edited by imc67
    #7

    @girish said in Firewall IP blocking: IPv6 not possible:

    Maybe you can open a feature request for IPv6 support, I am not sure how many people "require" this / are blocked by this. But happy to add it, if it's seen as important (relative to other requests).

    Just did that: please vote for: https://forum.cloudron.io/topic/3786/include-ipv6-into-cloudron

    1 Reply Last reply
    0
  • robiR Offline
    robiR Offline
    robi
    replied to imc67 on last edited by
    #8

    @imc67 said in Firewall IP blocking: IPv6 not possible:

    After reading this thread https://forum.cloudron.io/topic/3154/new-firewall-feature-issues I decided to block the top 8 IP's of countries that are causing the most cyber attacks in the world.

    Marcel, can you share more detail about your chosen block list and how others can do the same?

    Life of sky tech

    imc67I 1 Reply Last reply
    0
  • imc67I Offline
    imc67I Offline
    imc67 translator
    replied to robi on last edited by
    #9

    @robi said in Firewall IP blocking: IPv6 not possible:

    Marcel, can you share more detail about your chosen block list and how others can do the same?

    Sure!

    top 10 countries of attacks: https://www.privacyaffairs.com/geopolitical-attacks/

    Source of country ip's: https://www.ipdeny.com/ipblocks/

    I've choosen to only block those below, we don't expect any necessary traffic from those countries (it's more than 45% of the known Countries where attacks come from):

    China: https://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone

    Russia: https://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone

    North Korea: https://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone

    Iran: https://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone

    Pakistan: https://www.ipdeny.com/ipblocks/data/aggregated/pk-aggregated.zone

    Syria: https://www.ipdeny.com/ipblocks/data/aggregated/sy-aggregated.zone

    India: https://www.ipdeny.com/ipblocks/data/aggregated/in-aggregated.zone

    Vietnam: https://www.ipdeny.com/ipblocks/data/aggregated/vn-aggregated.zone

    All those IP's copy-pasted in Cloudron > Network> Firewall, currently 20906 ranges blocked.

    I added them this morning and I can tell now already that spam has reduced with 90% 🙂

    1 Reply Last reply
    4

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.