[asterisk-dev] [Code Review] Make ACLs IPv6-capable

Olle E. Johansson oej at edvina.net
Thu Jul 15 08:28:59 CDT 2010


15 jul 2010 kl. 13.35 skrev Simon Perreault:

> On 2010-07-15 04:00, Olle E. Johansson wrote:
>> While this may be clever, it will be much harder separating IPv4 and IPv6 addresses. If I want to deny all IPv4 but not IPv6 the syntax will be hard to find out, even though it's possible for IPv4. I can't figure out how you deny all IPv6 addresses this way. We might want to explore adding prefixes just to make the configuration easier to handle and read.
>> 
>> deny=ipv4,0.0.0.0
>> deny=ipv6,0::0    ; Just deny all IPv6, but allow IPv4
> 
> You shouldn't have to specify "ipv4" or "ipv6" in the config file. It's
> easy to distinguish between the two types based on just the address itself.
> 
> That said, you may be onto something here. What happens if I say
> 
> deny=::/0
> 
> Will that also block IPv4 completely?
> 
> I don't think it should.
> 
Right, I was just trying to make my point that not storing the address family and converting IPv4 to IPv6-embedded might be clever, but also ends up giving you problems. You got it.

/O




More information about the asterisk-dev mailing list