Package: haproxy Version: 1.4.8-1 Severity: wishlist HAproxy supports IPv6, when listening/bind, as well when forwarding to backend servers. Everything works, including logging. I do not tested yet balancing using ip source hashing, but I hope it works.
I have another problem. I have proxy servers behind a HAproxy in tcp mode, and would like to limit access to this service to only some IPv6 subnets and IPv6 addresses. With Ipv4 I would just use acl mytrustedclients4 src 10.2.3.0/24 tcp-request content accept if mytrustedclients4 tcp-request content reject # rest: ipv6 and not trusted ipv4 With IPv6 I cannot use src, and last tcp-request keyword, will make them to be rejected. So I need to change it to actually accept, which will allow traffic, but will allow any source Ipv6 address, as well also Ipv4. I can probably workaround this by using: acl mytrustedclients4 src 10.2.3.0/24 acl restofipv4 src 0.0.0.0/0 tcp-request content accept if mytrustedclients4 tcp-request content reject if restofipv4 tcp-request content accept # only ipv6 but still have no way to filter out ipv6 clients i do not want. I would like to use something like this acl mytrustedclients6 src6 2001:470:1234:123::/64 Current workaround is to use ip6tables and iptables to accept/deny in INPUT filter chains. But having ipv6 acls in haproxy, just like ipv4, would be often better solution (especially when need loging, or want to use more portable solution, or perform something else than just blocking traffic to some IPv6 addresses). Thanks. -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-xen-686 (SMP w/2 CPU cores) Locale: LANG=, LC_CTYPE= (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages haproxy depends on: ii adduser 3.112+nmu2 add and remove users and groups ii libc6 2.11.2-10 Embedded GNU C Library: Shared lib ii libpcre3 8.02-1.1 Perl 5 Compatible Regular Expressi haproxy recommends no packages. haproxy suggests no packages. -- Configuration Files: /etc/default/haproxy changed [not included] /etc/haproxy/haproxy.cfg changed [not included] -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

