Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Navigation

    Cloudron Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular

    Firewall IP blocking: IPv6 not possible

    Support
    firewall
    4
    9
    49
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • imc67
      imc67 last edited by

      Hi,

      After reading this thread https://forum.cloudron.io/topic/3154/new-firewall-feature-issues I decided to block the top 8 IP's of countries that are causing the most cyber attacks in the world.

      That worked out fine, currently almost 21k IPv4 ranges are in the firewall.

      Then I also wanted to add the IPv6 ranges, but that gave an error:

      2001:0618:0000:0000:0000:0000:0000:0000/32 is not a valid IP or range

      Is it possible to add the functionality for adding IPv6 ranges as well?

      Kind regards,
      Marcel.

      mehdi girish robi 3 Replies Last reply Reply Quote 0
      • mehdi
        mehdi App Dev @imc67 last edited by

        @imc67 I don't think Cloudron even listens on ipv6 actually ...

        1 Reply Last reply Reply Quote 1
        • girish
          girish Staff @imc67 last edited by

          @imc67 what @mehdi said. Cloudron does not listen on ipv6. All incoming traffic is ipv4 only.

          imc67 1 Reply Last reply Reply Quote 0
          • imc67
            imc67 @girish last edited by imc67

            @girish you've said before (I guess in this forum) that IPv6 works when you manually set AAAA records of (sub)domains in your DNS to the IPv6 of your Cloudron. I did that months ago and it works perfect. I can see that i.e. our Wordpress receives traffic from IPv6.

            We need IPv6 (in Wordpress) because of the REST-API used by our iOS app.

            So, yes it works, it's in (almost 2021) strange that Cloudron doesn't support it out of the box but also the firewall doesn't handle it ...

            girish 1 Reply Last reply Reply Quote 0
            • girish
              girish Staff @imc67 last edited by

              @imc67 Ah that way. I didn't realize you setup a AAAA record manually. If so, yes, then the incoming traffic can have IPv6. Your comment sounds very similar to mine - https://forum.cloudron.io/post/6096 ha ha. Maybe you can open a feature request for IPv6 support, I am not sure how many people "require" this / are blocked by this. But happy to add it, if it's seen as important (relative to other requests).

              imc67 2 Replies Last reply Reply Quote 0
              • imc67
                imc67 @girish last edited by

                @girish 🙂

                1 Reply Last reply Reply Quote 0
                • imc67
                  imc67 @girish last edited by imc67

                  @girish said in Firewall IP blocking: IPv6 not possible:

                  Maybe you can open a feature request for IPv6 support, I am not sure how many people "require" this / are blocked by this. But happy to add it, if it's seen as important (relative to other requests).

                  Just did that: please vote for: https://forum.cloudron.io/topic/3786/include-ipv6-into-cloudron

                  1 Reply Last reply Reply Quote 0
                  • robi
                    robi @imc67 last edited by

                    @imc67 said in Firewall IP blocking: IPv6 not possible:

                    After reading this thread https://forum.cloudron.io/topic/3154/new-firewall-feature-issues I decided to block the top 8 IP's of countries that are causing the most cyber attacks in the world.

                    Marcel, can you share more detail about your chosen block list and how others can do the same?

                    imc67 1 Reply Last reply Reply Quote 0
                    • imc67
                      imc67 @robi last edited by

                      @robi said in Firewall IP blocking: IPv6 not possible:

                      Marcel, can you share more detail about your chosen block list and how others can do the same?

                      Sure!

                      top 10 countries of attacks: https://www.privacyaffairs.com/geopolitical-attacks/

                      Source of country ip's: https://www.ipdeny.com/ipblocks/

                      I've choosen to only block those below, we don't expect any necessary traffic from those countries (it's more than 45% of the known Countries where attacks come from):

                      China: https://www.ipdeny.com/ipblocks/data/aggregated/cn-aggregated.zone

                      Russia: https://www.ipdeny.com/ipblocks/data/aggregated/ru-aggregated.zone

                      North Korea: https://www.ipdeny.com/ipblocks/data/aggregated/kp-aggregated.zone

                      Iran: https://www.ipdeny.com/ipblocks/data/aggregated/ir-aggregated.zone

                      Pakistan: https://www.ipdeny.com/ipblocks/data/aggregated/pk-aggregated.zone

                      Syria: https://www.ipdeny.com/ipblocks/data/aggregated/sy-aggregated.zone

                      India: https://www.ipdeny.com/ipblocks/data/aggregated/in-aggregated.zone

                      Vietnam: https://www.ipdeny.com/ipblocks/data/aggregated/vn-aggregated.zone

                      All those IP's copy-pasted in Cloudron > Network> Firewall, currently 20906 ranges blocked.

                      I added them this morning and I can tell now already that spam has reduced with 90% 🙂

                      1 Reply Last reply Reply Quote 4
                      • First post
                        Last post