Inspired after making the move to IPv6 on my MySQL server, and intrigued by the lack of documentation regarding 'user'@'[IPv6]' nomenclature I proceeded to discover how to limit my users based on their IPv6 address.
My allocation is a /56 and so I wanted to limit my DB users to this prefix length. My test host was
2001:DB8:111:6601::a01:120
The following didn't work at all:
2001:DB8:111:6600::
2001:DB8:111:6600::%
2001:DB8:111:6601::
2001:DB8:111:66%::
2001:DB8:0111:6601::%
2001:DB8:111:6600::/56
2001:DB8:111:6601::a01:120/56
2001:DB8:111:6601:0:0:a01:120/56
2001:DB8:111:6601::a01:120/128
2001:DB8:111:6601::/64
2001:DB8:111:6601::%/128
2001:DB8:111:6601::%/1
2001:DB8:111:6601::%/64
2001:DB8:111:6601::a01:0120
The following worked
2001:DB8:111:6601::% (too limiting as it's a /64, not /56)
2001:DB8:111:6601::a01:120 (too limiting as it's a host)
2001:DB8:111:66%::% (but may match 066x in the 7th and 8th bytes)
2001:DB8:111:66__::% (this appears to be the best fit)
Some notes:
- don't use leading zeros in fields
- don't bother with /prefixlen
Asked by Scott
(1 rep)
Feb 26, 2020, 07:46 AM
Last activity: Jun 9, 2025, 06:07 PM
Last activity: Jun 9, 2025, 06:07 PM