Date: Wed, 17 May 2000 06:16:32 +0900 (JST)
From: Hajimu UMEMOTO <ume@mahoroba.org>
To: jim@thehousleys.net
Cc: freebsd-hackers@freebsd.org
Subject: Re: IPv6 and hosts.allow
Message-ID: <200005162116.e4GLGWF76144@peace.mahoroba.org>
In-Reply-To: <3921B173.F6E8E479@thehousleys.net>
References: <3921AB34.73A873DC@thehousleys.net> <200005162019.e4GKJsF75988@peace.mahoroba.org> <3921B173.F6E8E479@thehousleys.net>

>>>>> On Tue, 16 May 2000 16:37:07 -0400
>>>>> James Housley <jim@thehousleys.net> said:

> How do you specify IPv6 address?  IPv6 address has `:' in it and it
> conflict with tcp_wrappers's field separator.  So, you need to wrap
> IPv6 address with `[' and `]'.
>
jim> Like this?

No.  For example:

        ALL : [fe80::]/10

Please see manpage for host_access(5).

jim> Would you like me to submit a PR with this or can you commit
jim> the changes or better ones???

jim> +# To use IPv6 addresses you must enclose them in []'s
jim> +ALL : [fe80::/10]

To add example in /etc/hosts.allow is good idea.  But, use of
link-local address is not so good.  Because, current IPv6
implementation of tcp_wrappers cannot treat scope-id.  So, this means:

        allow any link-local connections from any neighbor networks

It contains not only ethernet but also gif tunnel etc.  Do you really
need to allow link-local connection?

I already rewrote tcp_wrappers to support scoped address and it is
shipped as KAME ports.  You can obtain it from:

        http://www.imasy.or.jp/~ume/ipv6/tcp_wrappers_7.6-ipv6-1.9.diff.gz

By using this, you can specify:

        ALL : [fe80::%de0]/10 : allow

But, this has some limitations.  This is a patch to original
tcp_wrappers.  And, this doesn't work on 5.0-CURRENT nor 4.0-STABLE
due to getaddrinfo() problem around treatment of IPv4 address obtained
by specifying PF_UNSPEC.

To work it on FreeBSD without additional KAME package, we should
correct getaddrinfo().  The patch is ready and now in review.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@mahoroba.org  ume@bisd.hitachi.co.jp  ume@FreeBSD.org
http://www.imasy.org/~ume/
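
Review bot: in the quoted "+ALL : [fe80::/10]" line the prefix length sits inside the brackets, while the reply's own example writes "[fe80::]/10" with only the address bracketed; the added line should read "ALL : [fe80::]/10", and the comment above it could say that the prefix length follows the closing bracket. As the reply points out, an unscoped link-local rule for ALL admits link-local peers on every attached link, so a sample that is not link-local would be a safer line to ship in /etc/hosts.allow.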
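
The scope problem described in the message above, as an added example that is not part of the original e-mail and is not tcp_wrappers code: a simplified Python model of how an unscoped "[fe80::]/10" client pattern compares with the scoped "[fe80::%de0]/10" form. The function names, the matching rule for scoped patterns, the rejection of "[fe80::/10]" and the sample client addresses are assumptions made for illustration; only the client-pattern field of a rule is handled.

```python
import ipaddress


def parse_pattern(pattern):
    """Split '[addr]/len' or '[addr%scope]/len' into (network, scope)."""
    if not pattern.startswith("["):
        raise ValueError("IPv6 pattern must start with '['")
    inside, bracket, rest = pattern[1:].partition("]")
    if not bracket:
        raise ValueError("missing closing ']'")
    if "/" in inside:
        # The form answered with "No." in the thread: [fe80::/10]
        raise ValueError("prefix length goes after ']', e.g. [fe80::]/10")
    addr, _, scope = inside.partition("%")
    if rest and not rest.startswith("/"):
        raise ValueError("unexpected text after ']'")
    prefixlen = int(rest[1:]) if rest else 128
    network = ipaddress.IPv6Network((addr, prefixlen), strict=False)
    return network, (scope or None)


def matches(pattern, client):
    """True if client ('addr' or 'addr%scope') falls under the pattern.

    Assumed rule: an unscoped pattern ignores the client's scope-id,
    a scoped pattern also requires the same scope-id.
    """
    network, scope = parse_pattern(pattern)
    addr, _, client_scope = client.partition("%")
    if ipaddress.IPv6Address(addr) not in network:
        return False
    return scope is None or scope == client_scope


# Constructed sample peers: one on an Ethernet link (de0), one reached
# through a gif tunnel (gif0), one global address.
CLIENTS = ["fe80::1%de0", "fe80::1%gif0", "2001:db8::1"]


def allowed(pattern):
    """Return the sample clients that the pattern would admit."""
    return [c for c in CLIENTS if matches(pattern, c)]


if __name__ == "__main__":
    for p in ("[fe80::]/10", "[fe80::%de0]/10"):
        print(p, "->", allowed(p))
```
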