On Monday, February 23, 2015 09:53:08 AM Daniel-Constantin Mierla wrote:
trusted does string comparison for the address field; it is not considered an IP address.
You should use the address table instead if you just need matching on any IP address or subnet.
That's interesting. Is there a reason for the string comparison? Reading the README, trusted and address functions look incredibly similar, except trusted can match proto, and the address commands can match ports. What would be the advantage or use case of using either trusted or address?
On 23/02/15 03:49, Sergey Okhapkin wrote:
The allow_trusted() function of the permissions module doesn't work right with IPv6 addresses - it treats IP addresses as strings and doesn't take into account variations aaa:bbb::0 vs aaa:bbb:0:0:0:0:0:0.
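The mismatch discussed in this thread, as an added example that is not part of the original messages or of the Kamailio code: a Python audit that lists allow-list entries a literal string comparison would miss even though they denote the same address or a containing subnet. The function names and the sample entries are constructed for illustration; only the two spellings `aaa:bbb::0` and `aaa:bbb:0:0:0:0:0:0` come from the thread.

```python
import ipaddress


def string_match(source, entry):
    """Literal comparison, the behaviour the thread reports for the trusted table."""
    return source == entry


def parsed_match(source, entry):
    """Compare as addresses; the entry may be a single address or a subnet."""
    try:
        addr = ipaddress.ip_address(source)
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False  # unparsable input never matches
    return addr.version == net.version and addr in net


def audit(entries, sources):
    """Return (source, entry) pairs that match as addresses but not as strings."""
    missed = []
    for src in sources:
        for entry in entries:
            if parsed_match(src, entry) and not string_match(src, entry):
                missed.append((src, entry))
    return missed


# Constructed sample data: allow-list entries and observed source addresses.
ENTRIES = ["aaa:bbb::0", "192.0.2.10", "2001:db8:1::/48"]
SOURCES = [
    "aaa:bbb:0:0:0:0:0:0",   # same address as the first entry, other spelling
    "192.0.2.10",            # identical string, matches either way
    "2001:db8:1:0:0:0:0:5",  # inside the /48, only a subnet-aware match finds it
    "2001:db8:2::1",         # not covered by any entry
]

if __name__ == "__main__":
    for src, entry in audit(ENTRIES, SOURCES):
        print(f"string compare misses {src} for entry {entry}")
```

Running the audit over a real allow-list shows which entries need to be rewritten in the exact spelling the server compares against, or moved to a table that is matched as addresses.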