IPv6 hosts allow|deny

Dave Dykstra dwd at drdykstra.us
Mon Jan 20 16:58:20 EST 2003 

On Fri, Jan 17, 2003 at 12:31:26AM +0100, Bert Vermeulen wrote:
> On Mon, 13 Jan 2003, Dave Dykstra wrote:
> 
> > I don't understand enough how that syntax works in order to be able
> > to write an explanation for people.  Could you please try to write
> > something up based on the current version checked in to CVS?
> 
> Here's a patch for the manpage:
> 
> 	http://biot.com/patches/rsync-ipv6-acl-doc.patch

I have never been introduced to IPv6 addresses before and there are some
things about your documentation that baffle me.  Perhaps I just need to
be educated a little, or perhaps it would be useful to include a little
more explnation in the documentation.

Your patch includes this:
> -  it() a dotted decimal IP address of the form a.b.c.d for IPv4 and 
> -  a.b.c.d.e.f for IPv6. In this case the incoming machine's IP address
> +  it() a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
> +  of the form a:b:c::d:e:f. In this case the incoming machine's IP address
>    must match exactly.

Why is there a blank field between "c" and "d"?    Do you think you
should you say something about the fields being hexadecimal for IPv6,
or is that obvious to anyone who has seen IPv6 addresses before?


Your patch also includes this:
> +  it() an address/mask in the form ipaddr/n where ipaddr is the IP address
> +  and n is the number of one bits in the netmask.  All IP addresses which
> +  match the masked IP address will be allowed in.
> +
> +  it() an address/mask in the form ipaddr/maskaddr where ipaddr is the
> +  IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
> +  or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
> +  addresses which match the masked IP address will be allowed in.


How come a mask includes 4 fields followed by 2 blanks?   What do you
mean by "/64"?

Your patch also has this addition:
> +Note IPv6 link-local addresses can have a scope in the address specification:
> +
> +quote(fe80::1%eth0)
> +quote(fe80::%eth0/64)
> +quote(fe80::%eth0/ffff:ffff:ffff:ffff::)
 
What's a link-local address?  What's a scope?  I think I get that the parts
after the '/' are masks, but what does it mean to have just two colons
in the address, with one field blank and the third one either 1%eth0 or
%eth0?

- Dave

More information about the rsync mailing list