[asterisk-dev] [Code Review] Make ACLs IPv6-capable
Olle E. Johansson
oej at edvina.net
Thu Jul 15 08:28:59 CDT 2010
15 jul 2010 kl. 13.35 skrev Simon Perreault:
> On 2010-07-15 04:00, Olle E. Johansson wrote:
>> While this may be clever, it will be much harder separating IPv4 and IPv6 addresses. If I want to deny all IPv4 but not IPv6 the syntax will be hard to find out, even though it's possible for IPv4. I can't figure out how you deny all IPv6 addresses this way. We might want to explore adding prefixes just to make the configuration easier to handle and read.
>>
>> deny=ipv4,0.0.0.0
>> deny=ipv6,0::0 ; Just deny all IPv6, but allow IPv4
>
> You shouldn't have to specify "ipv4" or "ipv6" in the config file. It's
> easy to distinguish between the two types based on just the address itself.
>
> That said, you may be onto something here. What happens if I say
>
> deny=::/0
>
> Will that also block IPv4 completely?
>
> I don't think it should.
>
Right, I was just trying to make my point that not storing the address family and converting IPv4 to IPv6-embedded might be clever, but also ends up giving you problems. You got it.
/O
More information about the asterisk-dev
mailing list