Search - "ipv4"
Today, I learned the shortest command which will determine if a ping from your machine can reach the Internet:
This parses as 22.214.171.124, which thanks to Cloudflare, is now the IP address of an Internet-facing machine which responds to ICMP pings.
Oh, you can also use this trick to parse 10.0.0.x from `10.x` or 127.0.0.1 from `127.1`. It's just like IPv6's :: notation, except less explicit.
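The short forms mentioned in the post above come from the classic `inet_aton()` parsing rules, which matter whenever an address filter and the resolver that later uses the address disagree on what a string means. This is an added example, not part of the post: the function names are made up here, the parser follows the BSD rules (the last field fills all remaining bytes; `0x` is hex, a leading `0` is octal), and it goes beyond the two forms in the post to cover the one-field and three-field cases.

```python
import ipaddress


def _parse_part(part: str) -> int:
    """One dot-separated field: 0x.. is hex, a leading 0 is octal, else decimal."""
    if part[:2].lower() == "0x":
        digits, base = part[2:], 16
    elif len(part) > 1 and part[0] == "0":
        digits, base = part[1:], 8
    else:
        digits, base = part, 10
    allowed = "0123456789abcdef"[:base]
    if not digits or any(c not in allowed for c in digits.lower()):
        raise ValueError(f"bad address field: {part!r}")
    return int(digits, base)


def parse_inet_aton(text: str) -> ipaddress.IPv4Address:
    """Canonicalize a.b.c.d, a.b.c, a.b or a the way inet_aton() does."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"expected 1 to 4 fields: {text!r}")
    *head, last = [_parse_part(p) for p in parts]
    # Every field except the last is exactly one byte.
    if any(v > 0xFF for v in head):
        raise ValueError(f"field out of range: {text!r}")
    # The last field fills whatever bytes are left (8, 16, 24 or 32 bits).
    tail_bits = 8 * (4 - len(head))
    if last >= 1 << tail_bits:
        raise ValueError(f"last field out of range: {text!r}")
    value = 0
    for v in head:
        value = (value << 8) | v
    return ipaddress.IPv4Address((value << tail_bits) | last)


def accepts_strict(text: str) -> bool:
    """True only for a plain four-field dotted quad (Python's ipaddress rules)."""
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False


def is_internal(text: str) -> bool:
    """Decide on the canonical address, never on the raw string."""
    addr = parse_inet_aton(text)
    return addr.is_loopback or addr.is_private


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["127.1", "10.7", "192.168.257", "2130706433", "0x7f.1"]:
        print(f"{sample:>12} -> {parse_inet_aton(sample)} "
              f"strict={accepts_strict(sample)} internal={is_internal(sample)}")
```

A validator should either reject everything `accepts_strict()` rejects or run its allow/deny decision on the output of `parse_inet_aton()`, so that the string it checked is the address that gets used.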
A tcp packet walks in to a bar and says “I want a beer”, barman says “you want a beer?” and tcp packet says “yes, a beer” .
In high society, TCP is more welcome than UDP. At least it knows a proper handshake.
A bunch of TCP packets go into a bar, until it’s overcrowded. The next day, half as many go in.
A bunch of TCP packets walk into a bar. The bartender says, “Hang on just a second, I need to close the window.”
When I try to send SYNs to chicks, I don’t get any ACKs. Just FINs and RSTs.
IP packet with TTL=1 arrives at bar. Bartender: “Sorry, can’t let you leave…and you don’t get any beer either…”
The worst part about token ring jokes is that if someone starts telling one while you are telling yours, all joking stops.
The great thing about TCP jokes is that you always get them.
The problem with TCP jokes is that people keep retelling them slower until you get them.
I would tell some UDP jokes too but I never know if anyone gets them
The best thing about UDP jokes is that I don’t care if you get them or not.
I had a funny UDP joke to tell, but I lost it somewhere...
The sad thing about IPv6 jokes is that almost no one understands them and no one is using them yet.
I tried to come up with an IPv4 joke, but the good ones were all already exhausted.
A DHCP packet walks into a bar and asks for a beer. Bartender says: “here, but I’ll need that back in an hour!”
DHCP jokes only work when there is only one person telling them
The worst part of SSH jokes is that, even when they're not funny, you suck it up and just pretend they were anyway.
The problem with token ring jokes is you need to wait your turn to laugh
I’d make a joke about UDP, but I don’t know if anyone’s actually listening…
Sister comes into my room
"Can you look at mom's laptop, it stopped working I'm scared I broke it"
"Idk it just stopped working, all I did was install adobe flash player I don't think that could do it could it?"
Take a look
"EFI IPV4 0 (error code) failed to boot"
Weird. Enter bios
"Hard drive: [Not detected]"
Well, that's no bueno
Pop open back, hard drive is loose
Pfft, push that fucker back in
Boot -> works
"Mom is going to kill me I broke it im so worried" -> relieved laughter
User Ip Address is too long (maximum is 30 characters).
Okay, dear third-party API, I guess users with IPv6 don't deserve the service... And wtf is 30-char limit for an IP address, when IPv4 can be only 15 characters long, and IPv6 can be up to 39 characters? Did you calculate a weighted average of IP length to get that number?
Here are the reasons why I don't like IPv6.
Now I'll be honest, I hate IPv6 with all my heart. So I'm not supporting it until inevitably it becomes the de facto standard of the internet. In home networks on the other hand.. huehue...
The main reason why I hate it is because it looks in every way overengineered. Or rather, poorly engineered. IPv4 has 32 bits worth, which translates to about 4 billion addresses. IPv6 on the other hand has 128 bits worth of addresses.. which translates to.. some obscenely huge number that I don't even want to start translating.
That's the problem. It's too big. Anyone who's worked on the internet for any amount of time knows that the internet on this planet will likely not exceed an amount of machines equal to about 1 or 2 extra bits (8.5B and 17.1B respectively). Now of course 33 or 34 bits in total is unwieldy, it doesn't go well with electronics. From 32 you essentially have to go up to 64 straight away. That's why 64-bit processors are.. well, 64 bits. The memory grew larger than the 4GB that a 32-bit processor could support, so that's what happened.
The internet could've grown that way too. Heck it probably could've become 64 bits in total of which 34 are assigned to the internet and the remaining bits are for whatever purposes large IP consumers would like to use the remainder for.
Whoever designed IPv6 however.. nope! Let's give everyone a /64 range, and give them quite literally an IP pool far, FAR larger than the entire current internet. What's the fucking point!?
The IPv6 standard is far larger than it should've been. It should've been 64 bits instead of 128, and it should've been separated differently. What were they thinking? A bazillion colonized planets' internetworks that would join the main internet as well? Yeah that's clearly something that the internet will develop into. The internet which is effectively just a big network that everyone leases and controls a little bit of. Just like a home network but scaled up. Imagine or even just look at the engineering challenges that interplanetary communications present. That is not going to be feasible for connecting multiple planets' internets. You can engineer however you want but you can't engineer around the hard limit of light speed. Besides, are our satellites internet-connected? Well yes but try using one. And those whizz only a couple of km above sea level. The latency involved makes it barely usable. Imagine communicating to the ISS, the moon or Mars. That is not going to happen at an internet scale. Not even close. And those are only the closest celestial objects out there.
So why was IPv6 engineered with hundreds of years of development and likely at least a stage 4 civilization in mind? No idea. Future-proofing or poor engineering? I honestly don't know. But as a stage 0 or maybe stage 1 person, I don't think that I or civilization for that matter is ready for a 128-bit internet. And we aren't even close to needing so many bits.
Going back to 64-bit processors and memory. We've passed 32 bit address width about a decade ago. But even now, we're only at about twice that size on average. We're not even close to saturating 64-bit address width, and that will likely take at least a few hundred years as well. I'd say that's more than sufficient. The internet should've really become a 64-bit internet too.
The solution for this one isn't nearly as amusing as the journey.
I was working for one of the largest retailers in NA as an architect. Said retailer had over a thousand big box stores, IT maintenance budget of $200M/year. The kind of place that just reeks of waste and mismanagement at every level.
They had installed a system to distribute training and instructional videos to every store, as well as recorded daily broadcasts to all store employees as a way of reducing management time spend with employees in the morning. This system had cost a cool 400M USD, not including labor and upgrades for round 1. Round 2 was another 100M to add a storage buffer to each store because they'd failed to account for the fact that their internet connections at the store and the outbound pipe from the DC wasn't capable of running the public facing e-commerce and streaming all the video data to every store in realtime. Typical massive enterprise clusterfuck.
Then security gets involved. Each device at stores had a different address on a private megawan. The stores didn't generally phone home, home phoned them as an access control measure; stores calling the DC was verboten. This presented an obvious problem for the video system because it needed to pull updates.
The brilliant Infosys resources had a bright idea to solve this problem:
- Treat each device IP as an access key for that device (avg 15 per store).
- Verify the request ip, then issue a redirect with ANOTHER ip unique to that device that the firewall would ingress only to the video subnet
- Do it all with the F5
A few months later, the networking team comes back and announces that after months of work and 10s of people years they can't implement the solution because iRules have a size limit and they would need more than 60,000 lines or 15,000 rules to implement it. Sad trombones all around.
Then, a wild DBA appears, steps up to the plate and says he can solve the problem with the power of ORACLE! Few months later he comes back with some absolutely batshit solution that stored the individual octets of an IPV4, multiple nested queries to the same table to emulate subnet masking through some temp table spanning voodoo. Time to complete: 2-4 minutes per request. He too eventually gives up the fight, sort of, in that backhanded way DBAs tend to do everything. I wish I would have paid more attention to that abortion because the rationale and its mechanics were just staggeringly rube goldberg and should have been documented for posterity.
So I catch wind of this sitting in a CAB meeting. I hear them talking about how there's "no way to solve this problem, it's too complex, we're going to need a lot more databases to handle this." I tune in and gather all it really needs to do, since the ingress firewall is handling the origin IP checks, is convert the request IP to video ingress IP, 302 and call it a day.
While they're all grandstanding and pontificating, I fire up visual studio and:
- write a method that encodes the incoming request IP into a single uint32
- write an http module that keeps an in-memory dictionary of uint32,string for the request, response, converts the request ip and 302s the call with blackhole support
- convert all the mappings in the spreadsheet attached to the meetings into a csv, dump to disk
- write a wpf application to allow for easily managing the IP database in the short term
- deploy the solution to one of our stage boxes
- add a TODO to eventually move this to a database
All this took about 5 minutes. I interrupt their conversation to ask them to retarget their test to the port I exposed on the stage box. Then watch them stare in stunned silence as the crow grows cold.
According to a friend who still works there, that code is still running in production on a single node to this day. And still running on the same static file database.
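The lookup described in the post above (request IP packed into a uint32, an in-memory dictionary loaded from a CSV, a 302 to the mapped address) can be sketched as follows. This is an added example, not the code from the post: the CSV column names, the addresses, the `http://` scheme and the choice to answer 404 for blackholed or unknown devices are all assumptions.

```python
import csv
import io

# Constructed sample of the CSV export; an empty target marks a blackholed device.
SAMPLE_CSV = """\
device_ip,video_ingress_ip
10.20.1.11,172.16.1.11
10.20.1.12,172.16.1.12
10.20.2.11,
"""


def ip_to_uint32(ip: str) -> int:
    """Pack a strict dotted quad into one 32-bit integer (network byte order)."""
    parts = ip.split(".")
    if len(parts) != 4 or not all(
        p.isascii() and p.isdigit() and len(p) <= 3 for p in parts
    ):
        raise ValueError(f"not a dotted quad: {ip!r}")
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError(f"octet out of range: {ip!r}")
    a, b, c, d = octets
    return (a << 24) | (b << 16) | (c << 8) | d


def load_table(csv_text: str) -> dict:
    """Build the uint32 -> ingress address dictionary; None means blackhole."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        table[ip_to_uint32(row["device_ip"])] = row["video_ingress_ip"] or None
    return table


def redirect(table: dict, peer_ip: str, path: str):
    """Return (status, headers) for one request.

    peer_ip must be the socket peer address. The post relies on the ingress
    firewall for the origin check, so a client-supplied header such as
    X-Forwarded-For must never be used as the lookup key.
    """
    try:
        key = ip_to_uint32(peer_ip)
    except ValueError:
        return 400, {}
    target = table.get(key)
    if target is None:
        # Unknown or blackholed device: no redirect is issued (assumed behaviour).
        return 404, {}
    return 302, {"Location": f"http://{target}{path}"}


if __name__ == "__main__":
    table = load_table(SAMPLE_CSV)
    for peer in ["10.20.1.11", "10.20.2.11", "10.99.0.1"]:
        print(peer, redirect(table, peer, "/videos/daily.mp4"))
```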
Me: “I’ve done Kubernetes before what could possibly go wro-“
(cni0 breaks IPv4 routing serverside by containerd)
Okay, so I was helping an elderly woman with her laptop + internet today (with payment). Problem: Laptop connects to WiFi, shows internet connection, but you couldn't even go to google.com.
The router wasn't the issue as my phone worked on the same WiFi. After a lot of troubleshooting steps, I noticed that Windows forced IPV6 for all WiFi connections for some reason. The router doesn't even support IPV6... So I disabled it and everything started working again.
WHY THE FUCK DID WINDOWS NOT TRY TO LOOKUP AN IPV4 ADDRESS IF THE IPV6 FAILS? BOTH WERE ENABLED! WHO AT THE FUCKING WINDOWS 10 DEVELOPMENT TEAM THOUGHT IT WAS A GOOD IDEA?
In my previous rant about IPv6 (https://devrant.com/rants/2184688 if you're interested) I got a lot of very valuable insights in the comments and I figured that I might as well summarize what I've learned from them.
So, there's 128 bits of IP space to go around in IPv6, where 64 bits are assigned to the internet, and 64 bits to the private network of end users. Private as in, behind a router of some kind, equivalent to the bogon address spaces in IPv4. Which is nice, it ensures that everyone has the same address space to play with.. but it should've been (in my opinion) differently assigned. The internet is orders of magnitude larger than private networks. Most SOHO networks only have a handful of devices in them that need addressing. The internet on the other hand has, well, billions of devices in it. As mentioned before I doubt that this total number will be more than a multiple of the total world population. Not many people or companies use more than a few public IP addresses (again, what's inside the SOHO networks is separate from that). Consider this the equivalent of the amount of public IP's you currently control. In my case that would be 4, one for my home network and 3 for the internet-facing servers I own.
There's various ways in which overall network complexity is reduced in IPv6. This includes IPSec which is now part of the protocol suite and thus no longer an extension. Standardizing this is a good thing, and honestly I'm surprised that this wasn't the case before.
Many people seem to oppose the way IPv6 is presented, hexadecimal is not something many people use every day. Personally I've grown quite fond of the decimal representation of IPv4. Then again, there is a binary conversion involved in classless IPv4. Hexadecimal makes this conversion easier.
There seems to be opposition to memorizing IPv6 addresses, for which DNS can be used. I agree, I use this for my IPv4 network already. Makes life easier when you can just address devices by a domain name. For any developers out there with no experience with administration that think that this is bullshit - imagine having to remember the IP address of Facebook, Google, Stack Overflow and every other website you visit. Add to the list however many devices you want to be present in the imaginary network. For me right now that's between 20 and 30 hosts, and gradually increasing. Scalability can be a bitch.
Any other things.. Oh yeah. The average amount of devices in a SOHO network is not quite 1 anymore - there are currently about half a dozen devices in a home network that need to be addressed. This number increases as more devices become smart devices. That said of course, it's nowhere close to needing 64 bits and will likely never need it. Again, for any devs that think that this is bullshit - prove me wrong. I happen to know in one particular instance that they have centralized all their resources into a single PC. This seems to be common with developers and I think it's normal. But it also reduces the chances to see what networks with many devices in it are like. Again, scalability can be a bitch.
Thanks a lot everyone for your comments on the matter, I've learned a lot and really appreciate it. Do check out the previous rant and particularly the comments on it if you're interested. See ya!
"There's more to it"
This is something that has been bugging me for a long time now, so <rant>.
Yesterday in one of my chats in Telegram I had a question from someone wanting to make their laptop completely bulletproof privacy respecting, yada yada.. down to the MAC address being randomized. Now I am a networking guy.. or at least I like to think I am.
So I told him, routers must block any MAC addresses from leaking out. So the MAC address is only relevant inside of the network you're in. IPv6 changes this and there is network discovery involved with fandroids and cryphones where WiFi remains turned on as you leave the house (price of convenience amirite?) - but I'll get back to that later.
Now for a laptop MAC address randomization isn't exactly relevant yet I'd say.. at least in something other than Windows where your privacy is right out the window anyway. MAC randomization while Nadella does the whole assfuck, sign me up! /s
So let's assume Linux. No MAC randomization, not necessary, privacy respecting nonetheless. MAC addresses do not leak outside of the network in traditional IPv4 networking. So what would you be worried about inside the network? A hacker inside Starbucks? This is the question I asked him, and argued that if you don't trust the network (and with a public hotspot I personally don't) you shouldn't connect to it in the first place. And since I recall MAC randomization being discussed on the ISC's dhcp-users mailing list a few months ago (http://isc-dhcp-users.2343191.n4.nabble.com/...), I linked that in as well. These are the hardcore networking guys, on the forum of one of the granddaddies of the internet. They make BIND which pretty much everyone uses. It's the de facto standard DNS server out there.
The reply to all of this was simply to the "don't connect to it if you don't trust it" - I guess that's all the privacy nut could argue with. And here we get to the topic of this rant. The almighty rebuttal "there's more to it than that!1! HTTPS doesn't require trust anymore!1!"
... An encrypted connection to a website meaning that you could connect to just about any hostile network. Are you fucking retarded? Ever heard of SSL stripping? Yeah HSTS solves that but only a handful of websites use it and it doesn't scale up properly, since it's pretty much a hardcoded list in web browsers. And you know what? Yes "there's more to it"! There's more to networking than just web browsing. There's 65 THOUSAND ports available on both TCP and UDP, and there you go narrow your understanding of networking to just 2 of them - 80 and 443. Yes there's a lot more to it. But not exactly the kind of thing you're arguing about.
Enjoy your cheap-ass Xiaomeme phone where the "phone" part means phoning home to China, and raging about the Google apps on there. Then try to solve problems that aren't actually problems and pretty vital network components, just because it's an identifier.
P.S. I do care a lot about privacy. My web and mail servers for example do not know where my visitors are coming from. All they see is some reverse proxies that they think is the whole internet. So yes I care about my own and others' privacy. But you know.. I'm old-fashioned. I like to solve problems with actual solutions.
Well I WAS going to develop a side project on my day off today (a network of Arduinos and a Raspberry Pi) but the woman my wife hired to clean our house flaked-out, so now I get roped in to fucking housecleaning.
This was going to be an awesome day. Was gonna work on my project, chew some tobacco, and then go shooting, and out for wings for dinner. (where I live, chicken wings can be an entire meal)
Now I'm cleaning the shitter and scrubbing countertops because the little precious snowflake of a cleaning lady is in the middle of a (so-far) 3-day emotional breakdown.
Dear snowflake cleaning lady: Fucking learn IPv4 socket programming on the fly, when you've got an imminent deadline, and a crying, teething baby in the next room, at 3am, and don't fucking lose your cool at any point during all of this, then tell me about your fucking "emotional breakdown."
Domain server goes down, it's the gateway and DNS too.
Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.
Don't have local admin password.
Ok call old it company who set up gear
Out of business
Ok boot to Linux and reset
Usb boot locked
Don't have bios password
Call old it company
Still out of business.
Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.
I normally just have nightmares about the projects I'm working on, especially when I struggle with a bug for days. Those are usually about just me stressing out about it. However, I have a lot of dreams about computers/technology, not necessarily coding-related:
- datacenters were just potato fields. If you go work the field, you'd go data mining
- in Biology, when being taught how having children works, you only tell that "parenting is only chmod-ing the rights of your children until they become the owners themselves"
- IP addresses with emojis instead of numbers were a standard now and they actually managed to replace IPv4, because everyone was so into emojis. They named it IPvE
- I witnessed a new Big Bang when the 32-bit Unix time overflowed in 2038, and we were all quantum bits
It all started with an undeliverable e-mail.
New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.
Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.
Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.
Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).
In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.
Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.
Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.
Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.
Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.
tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.
I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix anything in the end...
One of the big ISP/entertainment companies dug up the roads a few months back and laid fibre optic cables (cutting through a power cable in the process but that's another story).
Recently had someone turn up at my door to chat about their services. All sounded very good, I took a card and gave it some thought and did some research.
So, it'd be a little cheaper than my current provider (FTTC setup). It'd be faster for downloads, slightly slower for uploads (I want fast upload). IPv6 is only on their business packages. I use IPv6 a lot. I also have several static IPv4 addresses.
It would involve getting a cable in to where my equipment rack is, and one to where the TV is (which I spent ages building a TV unit with power, network etc.)
To record/watch TV in another room with their service, I'd need to pay extra. The service just provides HD channels that I can already get, unless I pay more. At the moment I have MythTV handling all the recording of TV shows I want, and Kodi to play them back on different TVs, via CAT6 I spent ages installing into the walls.
Then there's the uncertainty of how nicely their equipment will play with my relatively complicated setup.
I decided, it isn't worth it really for me. I would have to change a load of stuff just to end up with what I already have... But with more limitations.
Anyway, the guy turned up again a few days later, I told him of my decision and away he went.
Since then I have been visited by 2 other employees of this company to try to sell me the service.
It is probably great and convenient if you are not like me and DIY all your home network and media distribution setup...
Also the ISP I'm with is quite small. They are very knowledgeable and friendly and I can get through to someone quickly if I phone. What I use meets my needs, so I prefer to support the smaller company in this case.
When nginx decides to just NOT answer to any IPv4 requests, after 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..
So I reinstalled Ubuntu server and set the ip to 204, but I forgot that I assigned a static ip to it in my dhcp. I guess it has two IPv4 addresses now? How? Only one NIC 🤔
I was just flicking through my new android phone, ended up on my I.P address, and it had 6 addresses?!?
4 IPv6 with single colons
I might be a bit thick, but shouldn't a device have 2 I.P's at max? Or am I wrong?
Last year I switched to a dedicated server with several IPv4 and IPv6 addresses. Getting Docker to direct traffic (both ingress/egress) to specific IP addresses is way more difficult than it should be. I wrote a tutorial for anyone else who's interested:
Word is spreading that CNN, which is owned by Time Warner, got a reddit user's IP from their mods, and with their relation to Time Warner, got his identity.
Then extorted him to apologize or be revealed.
This is huge, and we don't even know it's the only time it has happened.
VPNs may not even truly protect you if the ISP can connect the dots over time, with time stamps.
Holy shit, CNN just weaponized ipv4
1. Universal switch to IPv6 with back compatibility to IPv4.
2. A new universe of easy and convenient personal softwares that are served from your own home (aka, every client is a server).
3. More 3 wishes 😏
GOOGLE, I WANT TO FUCK YOUR ASS, WHY THE HELL THE NEWER VERSIONS OF ANDROID ARE NO LONGER ABLE TO OPEN THE FUCKING WEB APPS ON LOCAL NETWORKS, THE SAME APP IS ACCESSIBLE FROM IOS AND FUCKING ANDROID CAN’T FIGURE OUT THE CORRECT DNS OF THE LOCAL IP ADDRESS BECAUSE YOU DROPPED IPV4 SUPPORT YOU ASSHOLES.
I reset my Linode VPS to vanilla Arch after the blundered attempt to use an unsupported Linux distro. Now I'm reinstalling OpenVPN and decided to try out IPv6 networking over the tunnel. Got my free address block and it is SO AWESOME, even typing the addresses feels nicer. I never want to touch IPv4 octets again.
I love Mikrotik. Just fucking love them. I also love my residential fiber service. Small company. Synchronous 125M service. No caps. Bandwidth is always there.
BUT... They use PPPOE (seriously guys?), and the IP changes on *every single re-connect*. Also: no IPv6 support. I know. I don't need it. But I want it.
Enter DNSMadeEasy's DDNS, Hurricane Electric's 6to4 tunnel service, and my Routerboard AH100x4. I wrote a script that runs on the router whenever my IP changes. It updates my DDNS record, updates my 6to4 tunnel IP using HE's API, and updates my local 6to4 interface's IP.
It just works. My public IPv4 may change, but the /48 IPv6 networks on my LAN side stay fully routeable.
Fuck DS-Lite with a rusty rod covered in sand. Also fuck 4to6tunnel.
Boy I really need to take a networking class, this is driving me nuts
Coding would be fun right now.
But seems like I gotta do a night shift to rock network technology test tomorrow. The most annoying thing about this test is, that we have to calculate ip addresses by hand. Not too hard, but damn.. We are not allowed to write it down in hex, only binary (while calculating). And he wants to see interim steps in our calculations.. Even with IPv4 addresses it will be a great amount of 0s and 1s to write.
I better look for a second pen to take with me..
Accidentally bridged the only interface with a manual IPv4 address on a production box. With only public key access, my only choice was to calculate and ssh via its IPv6 link local address.
Thank god it worked.
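The calculation mentioned in the post above can be done from the interface's MAC address when the host derives its interface identifier with modified EUI-64. This is an added example, not the poster's own procedure: the MAC addresses and the interface name `eth0` are constructed, and it assumes the box does not use randomized or stable-privacy (RFC 7217) identifiers, in which case the address cannot be derived this way.

```python
import ipaddress
import re

_MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")


def link_local_from_mac(mac: str) -> ipaddress.IPv6Address:
    """Derive the fe80::/64 address a host builds from its MAC (modified EUI-64)."""
    if not _MAC_RE.fullmatch(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets = bytes(int(x, 16) for x in re.split("[:-]", mac))
    # Flip the universal/local bit of the first octet and insert ff:fe
    # between the vendor half and the device half of the MAC.
    iid = bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]
    # fe80::/64 prefix: fe80 followed by 48 zero bits, then the 64-bit identifier.
    addr = ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)
    assert addr.is_link_local
    return addr


def ssh_target(mac: str, local_iface: str) -> str:
    """Link-local addresses are only meaningful per link, so the zone ID
    (the local outgoing interface) has to be appended after '%'."""
    return f"{link_local_from_mac(mac)}%{local_iface}"


if __name__ == "__main__":
    # Constructed MAC addresses; eth0 is the assumed local interface name.
    for mac in ["52:54:00:12:34:56", "00-11-22-33-44-55"]:
        print(mac, "->", ssh_target(mac, "eth0"))
```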
Fuck you Windows 10!
Trying to help a sales guy setup his adapter to work on a manual network setup (not DHCP). It shows familiar IPV4 settings and then I see this:
"IPV4 Subnet Prefix Length" I decided it was related to netmask "255.255.255.0" or whatever. Tried the number 3. Worked fine. Talked to a colleague and he said it should be the bits of the netmask. So 24.
So WHY THE FUCK does Windows 10 on an update change the way we setup manual networks that has been in use for 40 years?! I realize you can still do the netmask version via Control Panel. I get that. However, the last time I helped this sales person it asked for netmask using the exact method for setting up manual network setting. So why change this on an update?
I like Windows 10 mostly, but this kind of fuckery is stupid. Stop changing shit just to change shit!
Bought the HELIO Amped router and lo and behold.. ipv4 and ipv6 not connected to the internet. I have a project due. I tried everything from uninstalling/installing drivers to using command flushdns. I’m starting to have my suspicions on the modem?
Having problems with getting user's IP address with PHP.
So basically I made a custom DDoS protection for my linux server.
It works like this: php website gathers visitor IP address when he does a certain action (in this case registers an account). All visitor ips are stored in ips.txt securely on my website ftp.
Then my linux server has iptables rules setup in a way where it blocks all traffic except my website traffic.
On linux server I have a cron job which pulls whitelisted ips every 5 minutes from my php website FTP and then whitelists all IP's in iptables.
That way only visitor IP's (of those who registered account in my website) are being whitelisted in my linux server.
In case of a DDoS attack, all traffic is dropped except for the whitelisted visitor's IP's gathered from website ips.txt
Now I'm having a problem. My PHP script is not accurate. Some visitors in my website are not being whitelisted because they might have a different ipv4 ip address than what is given from php website. So basically I am looking for some php script/library that would gather ALL ipv4 ips from a visitor, then whitelist them.
Also regarding ipv6, my iptables are all default (which means that all ipv6 visitor traffic is allowed) so problem is not with visitors that have ipv6. Problem is with my script not getting ALL ipv4 ip addresses assigned to the user.
Can you recommend me some php library for that? So far I've used https://github.com/marufhasan1/... but apparently it's not accurate enough.
I already searched for a while and couldn't find a viable solution.
I setup a service with docker-compose, and published it on port 80.
However port 80 is only published on ipv4 networks, not ipv6.
How can I make docker publish the service on ipv6 networks as well?