[Dnsmasq-discuss] [PATCH] auth-zone to ignore more non-global addresses

Simon Kelley simon at thekelleys.org.uk
Fri Jan 23 14:15:13 GMT 2015



On 21/01/15 22:39, Alexander Clouter wrote:
>> On 20/01/15 20:33, Alexander Clouter wrote:
>> 
>> One possible solution to this might be to make the filter
>> language in --auth-zone allow _exclusion_ of subnets as well as
>> inclusion, say something like
>> 
>> exclude:fd00::/8
>> 
>> for ULA addresses.
>> 
>> So now you could do
>> 
>> - -auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:fd00::/8
>> 
>> Which will give you all the A and AAAA addresses in the 
>> subnets/prefixes associated with those interfaces, except the
>> ULA addresses. Extending that to exclude RFC1918 is trivial.
>> 
>> Comments?
> 
> Looks good to me, covers exactly what I want out of it.
> 
> You want me to roll up my sleeves and do this, as I'm the only
> weirdo using loopback like this :)
> 
> If so, you okay with me adding support for a macro expansion (say
> called '%nonglobal') which just includes everything for now marked
> non-global in RFC6890?  I see this being used like:
> 
> auth-zone=digriz.wormnet.eu,lo,ppp0,br0/6,exclude:%nonglobal,exclude:1.2.3.0/24,exclude:2005:1:2::/48
>
> 
> 
> Thanks
> 

Please go for it.


Cheers,


Simon.
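
The filter semantics discussed in this thread, as an added Python sketch that is not dnsmasq code and not from either poster. It assumes the `exclude:` prefix and the `%nonglobal` macro behave as proposed above, models only interface-name filters (with `/4` or `/6` taken to restrict the address family), and uses Python's `is_global` as a stand-in for "marked non-global in RFC6890"; the interface table is constructed sample data.

```python
import ipaddress

# Constructed sample: interface name -> addresses configured on it.
SAMPLE_IFACES = {
    "lo": ["127.0.0.1", "1.2.3.4", "2005:1:2::53"],
    "ppp0": ["5.6.7.8"],
    "br0": ["10.0.0.1", "fd00:2::1", "2005:9::1"],
}


def published_addresses(filters, ifaces=SAMPLE_IFACES):
    """Return the addresses an auth-zone filter list would publish."""
    include, exclude_nets, drop_nonglobal = [], [], False
    for tok in filters:
        if tok.startswith("exclude:"):
            val = tok[len("exclude:"):]
            if val == "%nonglobal":      # proposed macro from the thread
                drop_nonglobal = True
            else:                        # raises ValueError on a bad prefix
                exclude_nets.append(ipaddress.ip_network(val))
        else:
            name, _, fam = tok.partition("/")
            if name not in ifaces or fam not in ("", "4", "6"):
                raise ValueError(f"unknown interface filter: {tok}")
            include.append((name, int(fam) if fam else None))

    out = []
    for name, fam in include:
        for text in ifaces[name]:
            addr = ipaddress.ip_address(text)
            if fam is not None and addr.version != fam:
                continue                 # e.g. br0/6 drops IPv4 on br0
            if drop_nonglobal and not addr.is_global:
                continue                 # loopback, RFC1918, ULA, ...
            # `addr in net` is False when the IP versions differ.
            if any(addr in net for net in exclude_nets):
                continue
            out.append(text)
    return out
```

With only `exclude:fd00::/8` the loopback address `127.0.0.1` on `lo` is still published, which is the gap the `%nonglobal` macro is meant to close.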


