I'm still happy to test your patch.
Or is it already online in current snapshot or somewhere else?
See attached. Let me know if this helps at all.
diff --git a/cbp/policies.pm b/cbp/policies.pm
index 0b5497f..5cddfd5 100644
--- a/cbp/policies.pm
+++ b/cbp/policies.pm
@@ -370,7 +370,7 @@ sub policySourceItemMatches
# Match IPv4 or IPv6
if (
$item =~ /^(?:\d{1,3})(?:\.(?:\d{1,3})(?:\.(?:\d{1,3})(?:\.(?:\d{1,3}))?)?)?(?:\/(\d{1,2}))?$/ ||
- $item =~ /^(?:::(:?[a-f\d]{1,4}:){0,7}?|(?::[a-f\d]{1,4}){0,7}?::|(?::[a-f\d]{1,4}){0,7}?::(?:[a-f\d]{1,4}:){0,7}?)(?:\/\d{1,3})?$/i
+ $item =~ /^(?:::(?:[a-f\d]{1,4}:){0,6}?[a-f\d]{1,4}|[a-f\d]{1,4}(?::[a-f\d]{1,4}){0,6}?::|[a-f\d]{1,4}(?::[a-f\d]{1,4}){0,6}?::(?:[a-f\d]{1,4}:){0,6}?[a-f\d]{1,4})(?:\/\d{1,3})?$/i
) {
# See if we get an object from
my $matchRange = new awitpt::netip($item);
@@ -385,7 +385,7 @@ sub policySourceItemMatches
# Match peer IPv4 or IPv6 (the server requesting the policy)
} elsif (
$item =~ /^\[(?:\d{1,3})(?:\.(?:\d{1,3})(?:\.(?:\d{1,3})(?:\.(?:\d{1,3}))?)?)?(?:\/(\d{1,2}))?\]$/ ||
- $item =~ /^\[((?:::(:?[a-f\d]{1,4}:){0,7}?|(?::[a-f\d]{1,4}){0,7}?::|(?::[a-f\d]{1,4}){0,7}?::(?:[a-f\d]{1,4}:){0,7}?)(?:\/\d{1,3})?)\]$/i
+ $item =~ /^\[((?:::(?:[a-f\d]{1,4}:){0,6}?[a-f\d]{1,4}|[a-f\d]{1,4}(?::[a-f\d]{1,4}){0,6}?::|[a-f\d]{1,4}(?::[a-f\d]{1,4}){0,6}?::(?:[a-f\d]{1,4}:){0,6}?[a-f\d]{1,4})(?:\/\d{1,3})?)\]$/i
) {
# We don't want the [ and ]
my $cleanItem = $1;
_______________________________________________
Users mailing list
[email protected]
http://lists.policyd.org/mailman/listinfo/users
