When using a config like the following:
[[server]]
listen = "[::]:123"
[server.allowlist]
filter = ["10.0.0.0/16"]
action = "ignore"
all replies from clients in the allowed subnet are ignored. Switching the config to using IPv4-mapped IPv6 addresses instead makes things work as expected:
[[server]]
listen = "[::]:123"
[server.allowlist]
filter = ["::ffff:10.0.0.0/112"]
action = "ignore"
This is somewhat surprising, and hard to debug (filtering decisions do not seem to appear in the logs, even with log-level = "trace"). I would expect ntpd-rs to be smart enough to recognise the mapped addresses as v4 addresses and correctly apply the allowlist rules.
When using a config like the following:
all replies from clients in the allowed subnet are ignored. Switching the config to using IPv4-mapped IPv6 addresses instead makes things work as expected:
This is somewhat surprising, and hard to debug (filtering decisions do not seem to appear in the logs, even with
log-level = "trace"). I would expect ntpd-rs to be smart enough to recognise the mapped addresses as v4 addresses and correctly apply the allowlist rules.