On Wed, Jul 26, 2017 at 02:52:25AM +1200, Bryan Christianson wrote:
> My view on this is that host/prefix is a shorthand notation for (ip_address & 
> mask) and that should work for both IPv6 and IPv4.
> i.e. there is an assumption that people understand how the network and mask 
> are both calculated and used.
> 
> I have no problem with the ip part being either a name or an address. In the 
> case of a name, there is always the dilemma of which ip address to use if 
> there are multiple A records for that name.

Right. There may be also AAAA records. To which addresses it should
apply? The addresses may change over time. Should chronyd try to
follow the changes? That would be tricky. I generally don't recommend
using hostnames in allow/deny.

> In chrony I think name/prefix could mean all hosts in the network defined by 
> (address & mask) == (host & mask)

I don't know. To me it doesn't feel right.

I'd like to make a 3.2 prerelease today. I have a "bugfix" commit for
this in my git. We can revisit this before the final release.

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org 
with "unsubscribe" in the subject.
For help email chrony-users-requ...@chrony.tuxfamily.org 
with "help" in the subject.
Trouble?  Email listmas...@chrony.tuxfamily.org.

Reply via email to