Re: IPv6 and hosts.allow
> On Tue, 16 May 2000 16:37:07 -0400
> James Housley <[EMAIL PROTECTED]> said:

> How do you specify IPv6 address? IPv6 address has `:' in it and it
> conflict with tcp_wrappers's field separator. So, you need to wrap
> IPv6 address with `[' and `]'.
>

jim> Like this?

No. For example:

    ALL : [fe80::]/10

Please see manpage for host_access(5).

jim> Would you like me to submit a PR with this or can you commit
jim> the changes or better ones???

jim> +# To use IPv6 addresses you must enclose them in []'s
jim> +ALL : [fe80::/10]

To add example in /etc/hosts.allow is good idea. But, use of
link-local address is not so good. Because, current IPv6
implementation of tcp_wrappers cannot treat scope-id. So, this means:

    allow any link-local connections from any neighbor networks

It contains not only ethernet but also gif tunnel etc. Do you really
need to allow link-local connection?

I already rewrote tcp_wrappers to support scoped address and it is
shipped as KAME ports. You can obtain it from:

    http://www.imasy.or.jp/~ume/ipv6/tcp_wrappers_7.6-ipv6-1.9.diff.gz

By using this, you can specify:

    ALL : [fe80::%de0]/10 : allow

But, this has some limitations. This is a patch to original
tcp_wrappers. And, this doesn't work on 5.0-CURRENT nor 4.0-STABLE due
to getaddrinfo() problem around treatment of IPv4 address obtained by
specifying PF_UNSPEC. To work it on FreeBSD without additional KAME
package, we should correct getaddrinfo(). The patch is ready and now
in review.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.imasy.org/~ume/

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
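The two points raised in the message above (colons inside an IPv6 address collide with the field separator unless the address is bracketed, and a link-local pattern without a scope id matches neighbors on every interface) can be checked mechanically. The following is an added example, not part of the thread and not tcp_wrappers code; the names split_fields and lint_rule are hypothetical and the sample rules are constructed from the forms quoted in the thread.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
# [addr] or [addr%scope], optionally followed by /prefixlen outside the brackets
V6_PATTERN = re.compile(r"\[([^\]%]*)(?:%([^\]]+))?\](?:/(\d+))?")

def split_fields(rule):
    """Split a rule on ':' but ignore colons inside [...]."""
    fields, buf, depth = [], [], 0
    for ch in rule:
        if ch == "[":
            depth += 1
        elif ch == "]" and depth:
            depth -= 1
        if ch == ":" and depth == 0:
            fields.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    fields.append("".join(buf).strip())
    return fields

def lint_rule(rule):
    """Return (fields, findings) for one hosts.allow rule."""
    fields = split_fields(rule)
    findings = []
    clients = fields[1] if len(fields) > 1 else ""
    for addr, scope, plen in V6_PATTERN.findall(clients):
        if "/" in addr:  # e.g. [fe80::/10]: prefix length must follow the ']'
            findings.append("prefix-inside-brackets")
            addr, _, plen = addr.partition("/")
        try:
            net = ipaddress.IPv6Network(f"{addr}/{plen or 128}", strict=False)
        except ValueError:
            findings.append("bad-address")
            continue
        # Without a scope id the pattern matches link-local peers on any interface
        if net.overlaps(LINK_LOCAL) and not scope:
            findings.append("link-local-without-scope")
    return fields, findings

# Constructed sample rules; the scoped form needs the patch mentioned in the thread
SAMPLES = ["ALL : [fe80::/10]", "ALL : [fe80::]/10 : allow",
           "ALL : [fe80::%de0]/10 : allow", "ALL : localhost 127.0.0.1 : allow"]

if __name__ == "__main__":
    for rule in SAMPLES:
        print(rule, "->", lint_rule(rule))
```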
Re: IPv6 and hosts.allow
"Hajimu UMEMOTO (梅本 肇)" wrote:
>
> Yes, I wrote IPv6 support code for tcp_wrappers. And, actually, I'm
> using it.
> How do you specify IPv6 address? IPv6 address has `:' in it and it
> conflict with tcp_wrappers's field separator. So, you need to wrap
> IPv6 address with `[' and `]'.
>

Like this? Would you like me to submit a PR with this or can you commit
the changes or better ones???

Jim
--
Studies show that 1 out of every 4 Americans suffer some form of mental
illness. So look at your three best friends, if they are okay it is YOU!

--- hosts.allow Fri May 5 13:58:34 2000 +++ hosts.allow.new Tue May 16 16:34:05 2000 @@ -33,6 +33,8 @@ # name) *MUST* be specified for portmap(8). ALL : localhost 127.0.0.1 : allow ALL : my.machine.example.com 192.0.2.35 : allow +# To use IPv6 addresses you must enclose them in []'s +ALL : [fe80::/10] # Sendmail can help protect you against spammers and relay-rapers sendmail : localhost : allow
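Review bot: the added rule "+ALL : [fe80::/10]" puts the prefix length inside the brackets and carries no action field, while both context rules above it end in ": allow". The reply in this thread gives the form as "[fe80::]/10", so the example would read "ALL : [fe80::]/10 : allow", and the comment line could say that the prefix length goes after the closing bracket. Because fe80::/10 is link-local and the rule has no interface scope, it would admit link-local peers on every attached interface, so a site-specific global prefix would make a safer example to ship in the default file.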
Re: IPv6 and hosts.allow
> On Tue, 16 May 2000 16:10:28 -0400
> James Housley <[EMAIL PROTECTED]> said:

jim> Is inetd wrapping and hosts.allow supposed to support IPv6 addresses?
jim> Because it isn't for me. Not only that but added an IPv6 address to
jim> hosts.allow seems to prevent processing of IPv4 address on that line.

jim> If it should and is broken I will submit a PR. If not I will look and
jim> see if I can submit a PR with code. BTW this is 4.0 cvsupd and compile
jim> with cvs-cur-6351.gz of this morning (2000/5/16)

Yes, I wrote IPv6 support code for tcp_wrappers. And, actually, I'm
using it.
How do you specify IPv6 address? IPv6 address has `:' in it and it
conflict with tcp_wrappers's field separator. So, you need to wrap
IPv6 address with `[' and `]'.

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.imasy.org/~ume/
IPv6 and hosts.allow
Is inetd wrapping and hosts.allow supposed to support IPv6 addresses?
Because it isn't for me. Not only that but added an IPv6 address to
hosts.allow seems to prevent processing of IPv4 address on that line.

If it should and is broken I will submit a PR. If not I will look and
see if I can submit a PR with code. BTW this is 4.0 cvsupd and compile
with cvs-cur-6351.gz of this morning (2000/5/16)

Jim
--
Studies show that 1 out of every 4 Americans suffer some form of mental
illness. So look at your three best friends, if they are okay it is YOU!