Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix IPv6 BOGONs RAW Rules #1

Open
2 tasks
jonathanio opened this issue Oct 3, 2023 · 1 comment
Open
2 tasks

Fix IPv6 BOGONs RAW Rules #1

jonathanio opened this issue Oct 3, 2023 · 1 comment
Assignees
@jonathanio
Labels
priority/high This is a high-priority issue or pull reqest type/bug Something is not working correctly

Comments

@jonathanio
Copy link
Contributor

The BOGON rules in the raw/prerouting chain seem to block significant types of traffic, including DHCPv6 traffic, causing issues.

The rules must be re-evaluated regarding what they capture and, subsequently, block, with a few to ensure that regular legitimate traffic is allowed through as expected.

Notes

Additional internal work may be needed to ensure IPv6 traffic is forwarded from the current edge router to the new edge router to facilitate testing.

Acceptance Criteria

  • Review the BOGONs for IPv6 and ensure that the allow and blocked lists contain everything they should do
  • Review the :bogon:check chain and determine why legitimate traffic is blocked.
@jonathanio jonathanio added priority/high This is a high-priority issue or pull reqest type/bug Something is not working correctly update/configuration Update with changes to tool or service configuratons update/scripts Update with changes to scripts labels Oct 3, 2023
@jonathanio jonathanio self-assigned this Oct 3, 2023
@jonathanio jonathanio removed update/configuration Update with changes to tool or service configuratons update/scripts Update with changes to scripts labels Oct 3, 2023
jonathanio added a commit that referenced this issue Oct 4, 2023
@jonathanio
Disable BOGON processing for IPv4 and IPv6
c58f859 
BOGONs are having issues in both IPv4 and IPv6 on router and non-router
hosts, so disable all BOGON processing for the time being.

Relates to #1
@jonathanio
Copy link
Contributor Author

BOGOS are a useful security feature, but I'm going to work on other things, such as #2 and #3 for the time being as they're more important.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jonathanio jonathanio

Labels
priority/high This is a high-priority issue or pull reqest type/bug Something is not working correctly
Projects
n3t.uk Networking
Status: Triaged
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jonathanio