This repository has been archived by the owner on Nov 15, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1.6k
polkadot 0.9.37 appears to break --no-private-ipv4 #6581
Closed
briancolecoinmetrics opened this issue
Jan 18, 2023
· 7 comments
· Fixed by paritytech/substrate#13185
Closed
polkadot 0.9.37 appears to break --no-private-ipv4 #6581
briancolecoinmetrics opened this issue
Jan 18, 2023
· 7 comments
· Fixed by paritytech/substrate#13185
Comments
CC @paritytech/networking |
I can confirm, got an abuse report where i was "port scanning" al kind of 10.x.x.x and 192.168.x.x ranges, after reverting to the old binary no more complaints. Maybe related to libp2p update #6500 ? |
Yeah, I also suspect the update. We are already looking into it! |
Should be fixed by: paritytech/substrate#13185 |
Any idea when a release with the fix might be available? Considering that 0.9.37 was labeled
we'd really like to update, but we can't run a release that gets our servers flagged for abuse. |
It should come with 0.9.38. There is no real need to upgrade to 0.9.37. So staying on 0.9.36 should be safe! |
Iptables can be in use here for rfc1918 ranges:
|
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Problem
We just deployed 0.9.37, and our hosting provider promptly emailed to ask why we were running port scans, with logs showing the just-upgraded machine hitting ports 30333-30335 on RFC1918 addresses, even though we explicitly run polkadot with
--no-private-ipv4
.General Info
We built with https://github.com/coinmetrics/fullnode/blob/master/fullnodes/polkadot/polkadot-0.9.37.nix to produce container image https://hub.docker.com/layers/coinmetrics/polkadot/0.9.37/images/sha256-9680864e184e4e495f0275d50a2ec4d49388b260aab66fa6559add99eed4b265?context=explore which is run in docker on Ubuntu. (I can provide more details if it's relevant)
code blocks
.(after that it goes into the usual Idle/Import loop)
Log says "full" and that looks right.
(where $HOSTIP is templated in on each server)
The text was updated successfully, but these errors were encountered: