Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Herschel_Liang
Collaborator

sk103154 feature discussion

According to sk103154 Contents 3 description, we block IPv4 addresses successfully. But after we add IPv6 addresses to it. All IP addresses block feature is failing even GW is enabled IPv6 in Gaia R80.30 but we can see logs that were blocked. Who can tell me if it supports IPv6?

0 Kudos
6 Replies
PhoneBoy
Admin
Admin

The underlying mechanism used by the script in sk103154 definitely supports IPv6.
However, it’s a different kernel module and different commands are used to manipulate the rules for IPv6.
I haven’t personally reviewed the script to see if it differentiates between IPv4 and IPv6 and executes the correct command.

0 Kudos
Herschel_Liang
Collaborator

So, if the client is in dire need of block dual-stack malicious IP addresses through this SK, what can I do? Is any R&D engineers can follow it?

0 Kudos
PhoneBoy
Admin
Admin

Just took a quick look through the script, and it only calls the IPv4 variant of the commands (fw samp).
Which means: as is, it does not support IPv6.

Like I said, the underlying mechanisms used by the script definitely support IPv6.
However, they are invoked with a slightly different command: fw6 samp
It should be pretty straightforward to create a version of the script that supports IPv6. 

0 Kudos
Herschel_Liang
Collaborator

Yes, waiting for the R&D team's response.

0 Kudos
PhoneBoy
Admin
Admin

sk103154 has been updated:

  • IPv6 now listed in the limitations
  • Use IoC mechanism for IPv6 instead (sk132193), which can be set in SmartConsole from R81.

If instead you want to modify the script in sk103154, you should use fw6 accel which has different syntax.
However, it's probably better to use the formally supported IoC mechanism.

0 Kudos
the_rock
Leader
Leader

If I were you, for any ipv6 related issues, I would certainly open tac case and maybe ask for it to be worked by senior engineer.

Andy

0 Kudos