[asterisk-dev] [Code Review] Make ACLs IPv6-capable

Klaus Darilion klaus.mailinglists at pernau.at
Thu Jul 15 10:25:14 CDT 2010



Am 15.07.2010 15:28, schrieb Olle E. Johansson:
>
> 15 jul 2010 kl. 13.35 skrev Simon Perreault:
>
>> On 2010-07-15 04:00, Olle E. Johansson wrote:
>>> While this may be clever, it will be much harder separating IPv4 and IPv6 addresses. If I want to deny all IPv4 but not IPv6 the syntax will be hard to find out, even though it's possible for IPv4. I can't figure out how you deny all IPv6 addresses this way. We might want to explore adding prefixes just to make the configuration easier to handle and read.
>>>
>>> deny=ipv4,0.0.0.0
>>> deny=ipv6,0::0    ; Just deny all IPv6, but allow IPv4
>>
>> You shouldn't have to specify "ipv4" or "ipv6" in the config file. It's
>> easy to distinguish between the two types based on just the address itself.

I would prefer to differ between v4 and v6 addresses using the 
[ipv6address] notation (as many other software does), e.g.:

deny=0.0.0.0
deny=[0::0]

This also solves issues where a socket is specified, e.g:

udpbindaddr=0.0.0.0
udpbindaddr=1234::5678:5070 ; is 5070 the port or part of the address?
udpbindaddr=[1234::5678:5070] ; 5070 is part of the address
udpbindaddr=[1234::5678]:5070 ; 5070 is the port

regards
Klaus



More information about the asterisk-dev mailing list