[ntp:questions] Re: ipv6 restriction lines

Eric M. Hopper hopper at omnifarious.org
Tue May 30 00:41:12 UTC 2006

> What is the format for the ntp.conf "restrict" lines for ipv6
> addresses?  I couldn't find it in the http "man" pages and these two
> guesses both got gripes syslog-ed.
>     restrict 2001:05a8:0004:07d0::/48
>     restrict 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff0:0000:0000:0000:0000

Here is what does work, and this is based on a very light reading of the

restrict -6 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff::

Your line may also have worked, but the -6 is safer.  I'm not positive
that the address family information is propagated properly in all cases
if it's discovered by parsing the main address rather then set
explicitly with -6.

Even though it's what works, the mask is a really bad way to do this on
IPv6.  The /48 syntax is what should be supported and used.  In fact, I
think the mask is largely not the right way to do it on IPv4.  It
provides a degree of flexibility and control that's both unnecessary and
potentially confusing.

Have fun (if at all possible),
The best we can hope for concerning the people at large is that they
be properly armed.  -- Alexander Hamilton
-- Eric Hopper (hopper at omnifarious.org  http://www.omnifarious.org/~hopper) --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ntp.org/pipermail/questions/attachments/20060529/0b8a877c/attachment.pgp>

More information about the questions mailing list