From dd1053bc49b6798e52ed4c352ee5444834c7f8f4 Mon Sep 17 00:00:00 2001 From: Tim Starling Date: Fri, 8 Jun 2012 12:26:05 +1000 Subject: [PATCH] Increase maximum IPv6 range block size to /19 Increased maximum IPv6 range block size from /32 to /19 and documented my decision-making process. Many ISPs will be larger than /32 since /32 only allows for 64k sites at most. Change-Id: Ia25e156fd8234519c4d74f1d41d93f94a313ce14 --- includes/DefaultSettings.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/includes/DefaultSettings.php b/includes/DefaultSettings.php index 0a3d4adead..508add4be8 100644 --- a/includes/DefaultSettings.php +++ b/includes/DefaultSettings.php @@ -3459,12 +3459,19 @@ $wgSysopEmailBans = true; * Limits on the possible sizes of range blocks. * * CIDR notation is hard to understand, it's easy to mistakenly assume that a - * /1 is a small range and a /31 is a large range. Setting this to half the - * number of bits avoids such errors for IPv4. + * /1 is a small range and a /31 is a large range. For IPv4, setting a limit of + * half the number of bits avoids such errors, and allows entire ISPs to be + * blocked using a small number of range blocks. + * + * For IPv6, RFC 3177 recommends that a /48 be allocated to every residential + * customer, so range blocks larger than /64 (half the number of bits) will + * plainly be required. RFC 4692 implies that a very large ISP may be + * allocated a /19 if a generous HD-Ratio of 0.8 is used, so we will use that + * as our limit. As of 2012, blocking the whole world would require a /4 range. */ $wgBlockCIDRLimit = array( 'IPv4' => 16, # Blocks larger than a /16 (64k addresses) will not be allowed - 'IPv6' => 32, # Blocks larger than a /32 (~7.9x10^28 addresses) will not be allowed + 'IPv6' => 19, ); /** -- 2.20.1