>>>>> On Tue, 16 May 2000 16:37:07 -0400
>>>>> James Housley <[EMAIL PROTECTED]> said:
> How do you specify IPv6 address? IPv6 address has `:' in it and it
> conflict with tcp_wrappers's field separator. So, you need to wrap
> IPv6 address with `[' and `]'.
>
jim> Like this?
No. For example:
ALL : [fe80::]/10
Please see manpage for host_access(5).
jim> Would you like me to submit a PR with this or can you commit
jim> the changes or better ones???
jim> +# To use IPv6 addresses you must enclose them in []'s
jim> +ALL : [fe80::/10]
To add example in /etc/hosts.allow is good idea. But, use of
link-local address is not so good. Because, current IPv6
implementation of tcp_wrappers cannot treat scope-id. So, this means:
allow any link-local connections from any neighbor networks
It contains not only ethernet but also gif tunnel etc.
Do you really need to allow link-local connection?
I already rewrote tcp_wrappers to support scoped address and it is
shipped as KAME ports. You can obtain it from:
http://www.imasy.or.jp/~ume/ipv6/tcp_wrappers_7.6-ipv6-1.9.diff.gz
By using this, you can specify:
ALL : [fe80::%de0]/10 : allow
But, this has some limitations. This is a patch to original
tcp_wrappers. And, this doesn't work on 5.0-CURRENT nor 4.0-STABLE
due to getaddrinfo() problem around treatment of IPv4 address obtained
by specifying PF_UNSPEC. To work it on FreeBSD without additional
KAME package, we should correct getaddrinfo(). The patch is ready and
now in review.
--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.imasy.org/~ume/
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message