[ntp:questions] Re: ipv6 restriction lines

Eric M. Hopper hopper at omnifarious.org
Tue May 30 00:41:12 UTC 2006


> What is the format for the ntp.conf "restrict" lines for ipv6
> addresses?  I couldn't find it in the http "man" pages and these two
> guesses both got gripes syslog-ed.
> 
>     restrict 2001:05a8:0004:07d0::/48
>     restrict 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff0:0000:0000:0000:0000

Here is what does work, and this is based on a very light reading of the
source:

restrict -6 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff::

Your line may also have worked, but the -6 is safer.  I'm not positive
that the address family information is propagated properly in all cases
if it's discovered by parsing the main address rather then set
explicitly with -6.

Even though it's what works, the mask is a really bad way to do this on
IPv6.  The /48 syntax is what should be supported and used.  In fact, I
think the mask is largely not the right way to do it on IPv4.  It
provides a degree of flexibility and control that's both unnecessary and
potentially confusing.

Have fun (if at all possible),
-- 
The best we can hope for concerning the people at large is that they
be properly armed.  -- Alexander Hamilton
-- Eric Hopper (hopper at omnifarious.org  http://www.omnifarious.org/~hopper) --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: This is a digitally signed message part
URL: <http://lists.ntp.org/pipermail/questions/attachments/20060529/0b8a877c/attachment.pgp>


More information about the questions mailing list