[ntp:questions] Re: ipv6 restriction lines
mayer at ntp.isc.org
Tue May 30 16:50:39 UTC 2006
Eric M. Hopper wrote:
>> What is the format for the ntp.conf "restrict" lines for ipv6
>> addresses? I couldn't find it in the http "man" pages and these two
>> guesses both got gripes syslog-ed.
>> restrict 2001:05a8:0004:07d0::/48
>> restrict 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff0:0000:0000:0000:0000
> Here is what does work, and this is based on a very light reading of the
> restrict -6 2001:05a8:0004:07d0:: mask fffff:fffff:fffff:ffff::
> Your line may also have worked, but the -6 is safer. I'm not positive
> that the address family information is propagated properly in all cases
> if it's discovered by parsing the main address rather then set
> explicitly with -6.
> Even though it's what works, the mask is a really bad way to do this on
> IPv6. The /48 syntax is what should be supported and used. In fact, I
> think the mask is largely not the right way to do it on IPv4. It
> provides a degree of flexibility and control that's both unnecessary and
> potentially confusing.
> Have fun (if at all possible),
You're lucky if any of this works. It's on my list of things to deal
with. We would like to support a prefixlen option as that makes a lot
more sense but that will need some additional work.
More information about the questions