[ntp:questions] Re: ipv6 restriction lines

Danny Mayer mayer at ntp.isc.org
Tue May 30 16:50:39 UTC 2006


Eric M. Hopper wrote:
>> What is the format for the ntp.conf "restrict" lines for ipv6
>> addresses?  I couldn't find it in the http "man" pages and these two
>> guesses both got gripes syslog-ed.
>>
>>     restrict 2001:05a8:0004:07d0::/48
>>     restrict 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff0:0000:0000:0000:0000
> 
> Here is what does work, and this is based on a very light reading of the
> source:
> 
> restrict -6 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff::
> 
> Your line may also have worked, but the -6 is safer.  I'm not positive
> that the address family information is propagated properly in all cases
> if it's discovered by parsing the main address rather then set
> explicitly with -6.
> 
> Even though it's what works, the mask is a really bad way to do this on
> IPv6.  The /48 syntax is what should be supported and used.  In fact, I
> think the mask is largely not the right way to do it on IPv4.  It
> provides a degree of flexibility and control that's both unnecessary and
> potentially confusing.
> 
> Have fun (if at all possible),
> 

You're lucky if any of this works. It's on my list of things to deal
with. We would like to support a prefixlen option as that makes a lot
more sense but that will need some additional work.

Danny



More information about the questions mailing list