mirror of
https://github.com/pocket-id/pocket-id.git
synced 2025-12-06 09:13:19 +03:00
🚀 Feature: Approximate Location Recognizes Local IPv6 as LAN, Internal Network #170
Originally created by @LucasJanin on GitHub.
Originally assigned to: @kmendell on GitHub.
Feature description
Currently, Pocket-ID recognizes only local IPv4 addresses as part of a "LAN, internal network" in the Approximate Location. Local IPv6 addresses are always treated as external traffic.
Proposal:
Introduce an environment variable LOCAL_IPV6_RANGES that contains a list of IPv6 ranges used in the local network. Pocket-ID will utilize this list to determine if an IP address is part of the "LAN, internal network." If an IP address is not included in this list, Pocket-ID will use MAXMIND to find the approximate location.
Example Variable:
LOCAL_IPV6_RANGES=2001:0db8:abcd:000::/56,2001:0db8:abcd:001::/56
Pitch
This option will quickly determine whether the traffic is local. Distinguishing between local and external visitors is crucial, as external traffic can pose a greater threat than trusted local network traffic. By accurately identifying local traffic, we can enhance security.
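An added sketch of the check proposed above, in Go (the language Pocket-ID is written in); it is not code from the Pocket-ID repository. The function names `ParseLocalRanges` and `IsLocal` are hypothetical, and treating RFC 1918 IPv4 addresses as local is an assumption.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// ParseLocalRanges parses a comma-separated CIDR list (the LOCAL_IPV6_RANGES value).
// A malformed or non-IPv6 entry is an error, so a typo never silently changes what is local.
func ParseLocalRanges(v string) ([]netip.Prefix, error) {
	var out []netip.Prefix
	for _, f := range strings.Split(v, ",") {
		if f = strings.TrimSpace(f); f == "" {
			continue
		}
		p, err := netip.ParsePrefix(f)
		if err != nil {
			return nil, fmt.Errorf("range %q: %w", f, err)
		}
		if !p.Addr().Is6() || p.Addr().Is4In6() {
			return nil, fmt.Errorf("range %q is not an IPv6 prefix", f)
		}
		out = append(out, p.Masked()) // drop host bits: ...:001::/56 becomes ...::/56
	}
	return out, nil
}

// IsLocal reports whether ip gets the LAN label; false means fall through to geolocation.
func IsLocal(ip string, ranges []netip.Prefix) bool {
	a, err := netip.ParseAddr(ip)
	if err != nil {
		return false
	}
	a = a.Unmap().WithZone("") // ::ffff:192.168.1.5 -> 192.168.1.5; strip any %zone
	if a.Is4() {
		return a.IsPrivate() // assumption: RFC 1918 addresses count as local
	}
	for _, p := range ranges {
		if p.Contains(a) {
			return true
		}
	}
	return false
}

func main() {
	r, err := ParseLocalRanges("2001:0db8:abcd:000::/56,2001:0db8:abcd:001::/56") // value from the issue
	fmt.Println(r, err, IsLocal("2001:db8:abcd:42::1", r), IsLocal("2001:db8:abce::1", r))
}
```

Both entries of the example value reduce to the same prefix, 2001:db8:abcd::/56, because a /56 fixes only the upper eight bits of the fourth group.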
@dougmeredith commented on GitHub:
I don't have a strong opinion on this (or need for it), but I do think there is another way it could be viewed:
Location is meant to be just that; a location. Since there is no way to geo-locate IPv4 private addresses, LAN/Internal is really just how things get displayed when we don't have the location. IPv6 global addresses don't suffer from this shortcoming, and since the location can (theoretically) be determined, the correct location should be recorded.
Perhaps a better concept would be that of trusted IP ranges, which is distinct from location.
@kmendell commented on GitHub:
@LucasJanin Can you try this image
ghcr.io/pocket-id/pocket-id:ipv6-ranges
The env variable LOCAL_IPV6_RANGES can be set for local IPv6 ranges and those should be marked as LAN, Internal Network in the audit log.
@LucasJanin commented on GitHub:
Hi @kmendell
It's working perfectly!
However, I can't fully test it because I performed a fresh Docker installation (I'm using the bare metal version). I'm looking forward to testing it on my main installation with the compiled version.
Thanks for adding this request.