Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ipv6 not working #33

Open
Anan5a opened this issue Jan 15, 2020 · 1 comment
Open

ipv6 not working #33

Anan5a opened this issue Jan 15, 2020 · 1 comment

Comments

@Anan5a
Copy link

Anan5a commented Jan 15, 2020

I'm trying to enable ipv6 firewal. But it shows warning/error

root@Debian-102-buster-64-minimal ~ # apf -r
# Warning: iptables-legacy tables present, use iptables-legacy to see them
apf(32178): {glob} flushing & zeroing chain policies
apf(32178): {glob} firewall offline
apf(32271): {glob} activating firewall
# Warning: iptables-legacy tables present, use iptables-legacy to see them
apf(32373): {glob} determined (IFACE_UNTRUSTED) enp35s0 has address 116.202.155.233
apf(32373): {glob} loading preroute.rules
apf(32373): {resnet} downloading http://cdn.rfxn.com/downloads/reserved.networks
apf(32373): {resnet} parsing reserved.networks into /etc/apf/internals/reserved.networks
apf(32373): {glob} loading reserved.networks
apf(32373): {glob} loading bt.rules
apf(32373): {php} downloading http://cdn.rfxn.com/downloads/php_list
apf(32373): {php} parsing php_list into /etc/apf/php_hosts.rules
apf(32373): {php} loading php_hosts.rules
apf(32373): {dshield} downloading http://feeds.dshield.org/top10-2.txt
apf(32373): {dshield} parsing top10-2.txt into /etc/apf/ds_hosts.rules
apf(32373): {dshield} loading ds_hosts.rules
apf(32373): {sdrop} downloading http://www.spamhaus.org/drop/drop.lasso
apf(32373): {sdrop} parsing drop.lasso into /etc/apf/sdrop_hosts.rules
apf(32373): {sdrop} loading sdrop_hosts.rules
apf(32373): {glob} loading common drop ports
apf(32373): {blk_ports} deny all to/from tcp port 135:139
apf(32373): {blk_ports} deny all to/from udp port 135:139
apf(32373): {blk_ports} deny all to/from tcp port 111
apf(32373): {blk_ports} deny all to/from udp port 111
apf(32373): {blk_ports} deny all to/from tcp port 513
apf(32373): {blk_ports} deny all to/from udp port 513
apf(32373): {blk_ports} deny all to/from tcp port 520
apf(32373): {blk_ports} deny all to/from udp port 520
apf(32373): {blk_ports} deny all to/from tcp port 445
apf(32373): {blk_ports} deny all to/from udp port 445
apf(32373): {blk_ports} deny all to/from tcp port 1433
apf(32373): {blk_ports} deny all to/from udp port 1433
apf(32373): {blk_ports} deny all to/from tcp port 1434
apf(32373): {blk_ports} deny all to/from udp port 1434
apf(32373): {blk_ports} deny all to/from tcp port 1234
apf(32373): {blk_ports} deny all to/from udp port 1234
apf(32373): {blk_ports} deny all to/from tcp port 1524
apf(32373): {blk_ports} deny all to/from udp port 1524
apf(32373): {blk_ports} deny all to/from tcp port 3127
apf(32373): {blk_ports} deny all to/from udp port 3127
apf(32373): {rab} set active RAB_SANITY
apf(32373): {pkt_sanity} set active PKT_SANITY
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ALL NONE
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs SYN,FIN SYN,FIN
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs SYN,RST SYN,RST
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs FIN,RST FIN,RST
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ACK,FIN FIN
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ACK,URG URG
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ACK,PSH PSH
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN,URG,PSH
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ALL SYN,RST,ACK,FIN,URG
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ALL ALL
apf(32373): {pkt_sanity} deny inbound tcp-flag pairs ALL FIN
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs ALL NONE
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs SYN,FIN SYN,FIN
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs SYN,RST SYN,RST
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs FIN,RST FIN,RST
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs ACK,FIN FIN
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs ACK,PSH PSH
apf(32373): {pkt_sanity} deny outbound tcp-flag pairs ACK,URG URG
apf(32373): {pkt_sanity} deny all fragmented udp
apf(32373): {pkt_sanity} deny inbound tcp port 0
apf(32373): {pkt_sanity} deny outbound tcp port 0
apf(32373): {blk_p2p} set active BLK_P2P
apf(32373): {blk_p2p} deny all to/from tcp port 1214
apf(32373): {blk_p2p} deny all to/from udp port 1214
apf(32373): {blk_p2p} deny all to/from tcp port 2323
apf(32373): {blk_p2p} deny all to/from udp port 2323
apf(32373): {blk_p2p} deny all to/from tcp port 4660:4678
apf(32373): {blk_p2p} deny all to/from udp port 4660:4678
apf(32373): {blk_p2p} deny all to/from tcp port 6257
apf(32373): {blk_p2p} deny all to/from udp port 6257
apf(32373): {blk_p2p} deny all to/from tcp port 6699
apf(32373): {blk_p2p} deny all to/from udp port 6699
apf(32373): {blk_p2p} deny all to/from tcp port 6346
apf(32373): {blk_p2p} deny all to/from udp port 6346
apf(32373): {blk_p2p} deny all to/from tcp port 6347
apf(32373): {blk_p2p} deny all to/from udp port 6347
apf(32373): {blk_p2p} deny all to/from tcp port 6881:6889
apf(32373): {blk_p2p} deny all to/from udp port 6881:6889
apf(32373): {blk_p2p} deny all to/from tcp port 6346
apf(32373): {blk_p2p} deny all to/from udp port 6346
apf(32373): {blk_p2p} deny all to/from tcp port 7778
apf(32373): {blk_p2p} deny all to/from udp port 7778
apf(32373): {glob} SET_REFRESH is set to 10 minutes
apf(32373): {glob} loading /etc/apf/allow_hosts.rules
apf(32373): {trust} allow all to/from 45.77.241.23/32
apf(32373): {trust} allow all to/from 87.121.98.240/32
apf(32373): {trust} allow all to/from 173.245.48.0/20
apf(32373): {trust} allow all to/from 103.21.244.0/22
apf(32373): {trust} allow all to/from 103.22.200.0/22
apf(32373): {trust} allow all to/from 103.31.4.0/22
apf(32373): {trust} allow all to/from 141.101.64.0/18
apf(32373): {trust} allow all to/from 108.162.192.0/18
apf(32373): {trust} allow all to/from 190.93.240.0/20
apf(32373): {trust} allow all to/from 188.114.96.0/20
apf(32373): {trust} allow all to/from 197.234.240.0/22
apf(32373): {trust} allow all to/from 198.41.128.0/17
apf(32373): {trust} allow all to/from 162.158.0.0/15
apf(32373): {trust} allow all to/from 104.16.0.0/12
apf(32373): {trust} allow all to/from 172.64.0.0/13
apf(32373): {trust} allow all to/from 131.0.72.0/22
apf(32373): {rab} set active RAB
apf(32373): {rab} set active RAB_PSCAN
apf(32373): {rab} RAB_PSCAN monitored ports 1,7,9,11,15,69,70
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
apf(32373): {glob} loading log.rules
apf(32373): {glob} virtual net subsystem disabled.
apf(32373): {glob} loading main.rules
apf(32373): {glob} opening inbound tcp port 22 on 0/0
apf(32373): {glob} opening inbound icmp type 3 on 0/0
apf(32373): {glob} opening inbound icmp type 5 on 0/0
apf(32373): {glob} opening inbound icmp type 11 on 0/0
apf(32373): {glob} opening inbound icmp type 0 on 0/0
apf(32373): {glob} opening inbound icmp type 30 on 0/0
apf(32373): {glob} opening inbound icmp type 8 on 0/0
apf(32373): {glob} resolv dns discovery for 213.133.100.100
apf(32373): {glob} resolv dns discovery for 213.133.99.99
apf(32373): {glob} resolv dns discovery for 213.133.98.98
apf(32373): {glob} resolv dns discovery for 2a01:4f8:0:1::add:9999
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9999' not found
Try `iptables -h' or 'iptables --help' for more information.
apf(32373): {glob} resolv dns discovery for 2a01:4f8:0:1::add:1010
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:1010' not found
Try `iptables -h' or 'iptables --help' for more information.
apf(32373): {glob} resolv dns discovery for 2a01:4f8:0:1::add:9898
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.2 (nf_tables): host/network `2a01:4f8:0:1::add:9898' not found
Try `iptables -h' or 'iptables --help' for more information.
apf(32373): {glob} loading postroute.rules
apf(32373): {glob} default (egress) output accept
apf(32373): {glob} default (ingress) input drop
apf(32271): {glob} firewall initialized
# Warning: iptables-legacy tables present, use iptables-legacy to see them
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
apf(32271): {glob} fast load snapshot saved

How can i enable ipv6 filterin?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jasonwee @Anan5a