Change the way we use to block IPv6 #853

Closed
ameshkov opened this Issue Oct 20, 2016 · 6 comments

@ameshkov ameshkov added this to the 2.8 milestone Oct 20, 2016

TPS Oct 25, 2016

Contributor

Is this relevant at all for apps we block individually via firewall that may use IPv6? Or just globally?

Revertron Oct 25, 2016

Member

This is for prevention of loading ads by IPv6.

ameshkov Oct 27, 2016

Member

This is for disabling IPv6 globally.

You see, when a user uses "proxy" filtering mode with automatic setup, IPv6 connections may slip through us. The easiest solution is to disable IPv6 globally.

TPS Oct 27, 2016

Contributor

& then filter normally when/if the IPv6→IPv4 translation happens?

When this setting (& maybe when the .dns setting) is on, does AG specifically request IPv4 addresses/records only, then?

ameshkov Oct 28, 2016

Member

You can change DNS when AG is in VPN mode, and we have no issues with VPN.

The issue exists in proxy+automatic mode only, as iptables cannot control IPv6 traffic.
And ip6tables does not provide a good way for traffic redirection, so here we are, providing an option for blocking whole IPv6 instead :)

Revertron Nov 2, 2016

Member

Done.

@Revertron Revertron closed this Nov 2, 2016
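
A check for the gap described in the thread above (IPv6 connections slipping past an IPv4-only iptables redirect), added here as an example and not AdGuard's code: it parses the Linux `/proc/net/tcp6` table and reports established connections to native IPv6 peers. The sample rows, UIDs and function names are constructed for illustration, and a little-endian host is assumed.

```python
import ipaddress

# Constructed sample in /proc/net/tcp6 layout (not captured from a device).
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000000000000:1F90 00000000000000000000000000000000:0000 0A 00000000:00000000 00:00000000 00000000 10087        0 40001
   1: 0000000000000000FFFF00000F01A8C0:C350 0000000000000000FFFF0000227100CB:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40002
   2: B80D0120000000000000000002000000:D2F0 B80D0120000000000000000001000000:01BB 01 00000000:00000000 00:00000000 00000000 10123        0 40003
   3: 00000000000000000000000001000000:9C40 00000000000000000000000001000000:1F90 01 00000000:00000000 00:00000000 00000000 10087        0 40004
"""


def decode_addr(hex_addr):
    """Decode a 32-hex-digit tcp6 address.

    The kernel prints the address as four 32-bit words in host byte order,
    so on a little-endian host (assumed here) each word is byte-reversed.
    """
    raw = b"".join(bytes.fromhex(hex_addr[i:i + 8])[::-1] for i in range(0, 32, 8))
    return ipaddress.IPv6Address(raw)


def native_ipv6_connections(tcp6_text):
    """Return (uid, remote_ip, remote_port) for established native-IPv6 flows."""
    leaks = []
    for line in tcp6_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 8 or fields[3] != "01":  # 01 = TCP_ESTABLISHED
            continue
        addr_hex, port_hex = fields[2].split(":")
        remote = decode_addr(addr_hex)
        # IPv4-mapped peers (::ffff:a.b.c.d) are IPv4 on the wire, so IPv4
        # iptables rules still see them; loopback never leaves the device.
        if remote.ipv4_mapped is not None or remote.is_loopback:
            continue
        leaks.append((int(fields[7]), str(remote), int(port_hex, 16)))
    return leaks


if __name__ == "__main__":
    # On a real device, pass open("/proc/net/tcp6").read() instead of the sample.
    for uid, ip, port in native_ipv6_connections(SAMPLE_TCP6):
        print(f"uid {uid} has a native IPv6 connection to [{ip}]:{port}")
```

With IPv6 blocked globally, as the option discussed in this issue does, the function should return an empty list on the live table.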