[Dnsmasq-discuss] [PATCH] auth-zone to ignore more non-global addresses
Simon Kelley
simon at thekelleys.org.uk
Fri Jan 23 14:15:13 GMT 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 21/01/15 22:39, Alexander Clouter wrote:
>> On 20/01/15 20:33, Alexander Clouter wrote:
>>
>> One possible solution to this might be to make the filter
>> language in - --auth-zone allow _exclusion_ of subnets as well as
>> inclusion, say somthing like
>>
>> exclude:fd00::/8
>>
>> for ULA addresses.
>>
>> So now you could do
>>
>> - -auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:fd00::/8
>>
>> Which will give you all the A and AAAA addresses in the
>> subnets/prefixes associated with those interfaces, except the
>> ULA addresses. Extending that to exclude RFC1918 is trivial.
>>
>> Comments?
>
> Looks good to me, covers exactly what I want out of it.
>
> You want me to roll up my sleeves and do this, as I'm the only
> weirdo using loopback like this :)
>
> If so, you okay with me adding support for a macro expansion (say
> called '%nonglobal') which just includes everything for now marked
> non-global in RFC6890? I see this being used like:
>
> auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:%nonglobal,exclude:1.2.3.0/24,exclude:2005:1:2::/48
>
>
>
> Thanks
>
Please go for it.
Cheers,
Simon.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlTCV3EACgkQKPyGmiibgrc8FQCfSA/iVNgBdouigVFwOm0yvAez
djYAniHeuMyrOCtPt97lgMNUSH4AfdNJ
=lnQW
-----END PGP SIGNATURE-----
More information about the Dnsmasq-discuss
mailing list