IPv6 hosts allow|deny
dwd at drdykstra.us
Mon Jan 20 23:13:00 EST 2003
Thanks for the quick tutorial. I submitted your patch, changing eth0
to link1 as Hideaki suggested.
On Mon, Jan 20, 2003 at 06:35:09PM +0100, Bert Vermeulen wrote:
> On Mon, 20 Jan 2003, Dave Dykstra wrote:
> > On Fri, Jan 17, 2003 at 12:31:26AM +0100, Bert Vermeulen wrote:
> > > On Mon, 13 Jan 2003, Dave Dykstra wrote:
> > >
> > > > I don't understand enough how that syntax works in order to be able
> > > > to write an explanation for people. Could you please try to write
> > > > something up based on the current version checked in to CVS?
> > >
> > > Here's a patch for the manpage:
> > >
> > > http://biot.com/patches/rsync-ipv6-acl-doc.patch
> > I have never been introduced to IPv6 addresses before and there are some
> > things about your documentation that baffle me. Perhaps I just need to
> > be educated a little, or perhaps it would be useful to include a little
> > more explanation in the documentation.
> > Your patch includes this:
> > > - it() a dotted decimal IP address of the form a.b.c.d for IPv4 and
> > > - a.b.c.d.e.f for IPv6. In this case the incoming machine's IP address
> > > + it() a dotted decimal IPv4 address of the form a.b.c.d, or an IPv6 address
> > > + of the form a:b:c::d:e:f. In this case the incoming machine's IP address
> > > must match exactly.
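Review bot: the new IPv6 form a:b:c::d:e:f on the added lines uses "::" without saying what it means, and nothing states that the fields are hexadecimal. Suggest one clause saying that the fields are hexadecimal and that "::" abbreviates a run of zero fields, or a pointer to RFC 2373 for the address format.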
> > Why is there a blank field between "c" and "d"? Do you think you
> > should say something about the fields being hexadecimal for IPv6,
> > or is that obvious to anyone who has seen IPv6 addresses before?
> What Hideaki said, RFC 2373 describes the address format for IPv6.
> But yes, if you've ever dealt with IPv6, certainly this is obvious. I don't
> think it really needs explaining in the rsync docs as such... If you have
> IPv6 working on the machine, you pretty much already know the address
> Anyway, briefly... :: denotes a number of 0 values, it's an abbreviation.
> You can only do this once per IPv6 address. It's exactly the same as writing
> So you can see how a:b:c::d:e:f is easier to type. This is standardized
> stuff, so you're guaranteed to be able to type that into anything that
> parses IPv6 addresses.
> > Your patch also includes this:
> > > + it() an address/mask in the form ipaddr/n where ipaddr is the IP address
> > > + and n is the number of one bits in the netmask. All IP addresses which
> > > + match the masked IP address will be allowed in.
> > > +
> > > + it() an address/mask in the form ipaddr/maskaddr where ipaddr is the
> > > + IP address and maskaddr is the netmask in dotted decimal notation for IPv4,
> > > + or similar for IPv6, e.g. ffff:ffff:ffff:ffff:: instead of /64. All IP
> > > + addresses which match the masked IP address will be allowed in.
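Review bot: in the ipaddr/n item the valid range of n is not given, and it differs by address family (up to 32 for IPv4, up to 128 for IPv6); stating it would save the reader a guess. In the ipaddr/maskaddr item, "or similar for IPv6" is vague: say that the mask is written as an IPv6 address, and word the example as "ffff:ffff:ffff:ffff:: is equivalent to /64" so it is clear the two forms mean the same thing.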
> > How come a mask includes 4 fields followed by 2 blanks? What do you
> > mean by "/64"?
> The /64 is just CIDR notation as used in IPv4 as well, i.e. the number of 1
> bits in the network mask. In IPv4, they go up to 32, where a /32 means a
> host. With IPv6, they go up to /128 for a host, however /64 is the
> "standard" netmask for a subnet.
> > Your patch also has this addition:
> > > +Note IPv6 link-local addresses can have a scope in the address specification:
> > > +
> > > +quote(fe80::1%eth0)
> > > +quote(fe80::%eth0/64)
> > > +quote(fe80::%eth0/ffff:ffff:ffff:ffff::)
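Review bot: the added note uses "scope" and the "%eth0" suffix without defining either, and eth0 is an interface name that exists only on some systems. Suggest a sentence saying that the text after "%" names the interface the link-local address belongs to, that the name is system-dependent, and that any "/" mask comes after the interface name.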
> > What's a link-local address?
> An address that is only valid for a certain link, i.e. only reachable
> through that interface. Thus the special prefix (fe80) -- and naturally,
> those are only useful if you specify the interface as well, as you might
> have the same link-local address on two different interfaces.
> > What's a scope?
> In the case of a link-local address, the scope of an interface would be the
> subnet behind it.
> > I think I get that the parts after the '/' are masks, but what does it
> > mean to have just two colons in the address, with one field blank and the
> > third one either 1%eth0 or %eth0?
> The 1 is the last part of the address. It goes on until the "%", which
> denotes the start of the interface specification. The "/64" after the
> interface is indeed the netmask.
> Bert Vermeulen
> bert at biot.com
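
Added example, not part of the original post and not rsync's code: a small Python matcher for the three pattern forms discussed in this thread (exact address, ipaddr/n, ipaddr/maskaddr), including the %interface scope on link-local addresses. The function names are hypothetical, and the rule that a scoped pattern only matches a client with the same scope is an assumption made for the example.

```python
import ipaddress

def parse_pattern(pattern):
    """Split 'addr[%scope][/n | /maskaddr]' into (network, scope)."""
    addr, _, mask = pattern.partition("/")
    addr, _, scope = addr.partition("%")       # scope = interface name, may be ""
    ip = ipaddress.ip_address(addr)            # expands "::" to the zero fields
    if not mask:
        prefix = ip.max_prefixlen              # bare address: exact match (/32 or /128)
    elif mask.isdigit():
        prefix = int(mask)                     # ipaddr/n, n = number of one bits
    else:
        m = ipaddress.ip_address(mask)         # ipaddr/maskaddr
        if m.version != ip.version:
            raise ValueError("mask and address families differ")
        bits = format(int(m), "0%db" % ip.max_prefixlen)
        if "01" in bits:                       # a one bit after a zero bit
            raise ValueError("netmask is not contiguous")
        prefix = bits.count("1")
    # strict=False masks off host bits, e.g. fe80::1/64 -> fe80::/64
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    return net, scope

def matches(pattern, client):
    """True if the client address falls inside the pattern.

    Assumption for this example: a pattern that carries a scope only
    matches a client address carrying the same scope.
    """
    net, scope = parse_pattern(pattern)
    caddr, _, cscope = client.partition("%")
    cip = ipaddress.ip_address(caddr)
    if cip.version != net.version:
        return False
    if scope and scope != cscope:
        return False
    return cip in net

if __name__ == "__main__":
    # Constructed sample patterns and client addresses.
    for pat, cli in [("a:b:c::d:e:f", "a:b:c:0:0:d:e:f"),
                     ("fe80::%eth0/64", "fe80::1%eth0"),
                     ("fe80::%eth0/ffff:ffff:ffff:ffff::", "fe80::1%eth1"),
                     ("192.168.1.0/255.255.255.0", "192.168.1.77")]:
        print(pat, cli, matches(pat, cli))
```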