schnibitz, posted June 29, 2017 (edited June 29, 2017 by schnibitz)

Everyone,

Still new to the policies related to firewalls and ESET/ERA. If I define a policy to allow VNC traffic outbound to a specific IP (192.168.9.251) from the client and deny everything else except ESET policy traffic, I get the following in the logs:

6/29/17, 2:06:02 PM Communication denied by rule [::ffff:192.168.111.131]:49834 [::ffff:192.168.9.251]:5900 TCP Deny everything else /System/Library/CoreServices/Applications/Screen Sharing.app/Contents/MacOS/Screen Sharing

I can fix this by changing the rule to allow VNC traffic to that exact IP (::ffff:192.168.9.251). But why? Why doesn't a normal IP designation work? I feel like I'm missing something in my explanation here so please fire away with questions. Hopefully this question still applies since it may not be 100% totally related to ERA.

janoo (ESET Staff), posted June 30, 2017

Hi,

::ffff: is a subnet prefix for IPv4 addresses inside the IPv6 network (32bit in 128bit space). Basically it is replacing 0000:0000:ffff:0000, and it is helping the IPv6 processor understand the IPv4 address; that is why it is working only with that prefix.

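An added illustration of the mismatch discussed in this thread (not part of any post and not ESET's code): it parses the endpoints from the logged line and compares a rule address against the destination, first literally and then after folding IPv4-mapped IPv6 addresses back to IPv4. The `rule_matches` function and its comparison model are assumptions; the thread does not say how ESET compares addresses internally.

```python
import ipaddress
import re

# Log line quoted from the first post in this thread (process path omitted).
LOG = (
    "6/29/17, 2:06:02 PM Communication denied by rule "
    "[::ffff:192.168.111.131]:49834 [::ffff:192.168.9.251]:5900 TCP "
    "Deny everything else"
)

# Matches bracketed endpoints of the form [address]:port.
ENDPOINT = re.compile(r"\[([0-9A-Fa-f:.]+)\]:(\d+)")


def parse_endpoints(line):
    """Return (source, destination), each as an (ip_address, port) tuple."""
    pairs = [(ipaddress.ip_address(h), int(p)) for h, p in ENDPOINT.findall(line)]
    if len(pairs) != 2:
        raise ValueError("expected exactly a source and a destination endpoint")
    return pairs[0], pairs[1]


def normalise(addr):
    """Fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back to plain IPv4."""
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def rule_matches(rule_ip, rule_port, dst, normalised):
    """Hypothetical allow-rule check; 'normalised' enables mapped-address folding."""
    rule_addr = ipaddress.ip_address(rule_ip)
    dst_addr, dst_port = dst
    if normalised:
        rule_addr, dst_addr = normalise(rule_addr), normalise(dst_addr)
    # An IPv4Address never compares equal to an IPv6Address, so without
    # folding a plain IPv4 rule cannot match a mapped destination.
    return rule_addr == dst_addr and rule_port == dst_port


if __name__ == "__main__":
    _, dst = parse_endpoints(LOG)
    for rule in ("192.168.9.251", "::ffff:192.168.9.251"):
        for mode in (False, True):
            print(rule, "normalised" if mode else "literal",
                  rule_matches(rule, 5900, dst, mode))
```
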
schnibitz (Author), posted June 30, 2017

Okay thank you. This follow-up question isn't as important but I wanted to ask anyway. So is it the case that the endpoint OS is communicating IPv4 over IPv6, or the case that ESET is just seeing it that way? If it's the latter, why? Why would it see traffic that way for only that protocol and apparently nothing else?