Robust sh script to obtain all IPv6 address on an interface?

While ipfw supplies me6, I need the list of IPv6 addresses for a specific interface to be used in an ipfw ruleset.

"Screen scraping" ifconfig is one option, but having a firewall at the whim of the human-readable output of even ifconfig is concerning.

Is there a better way with the "stock" tools available during boot phases?

Code:
ifconfig <some_interface> | sed -E -n -e 's/^[[:space:]]*inet6 ([0-9a-f:]+)[^0-9a-f:].*$/\1/p'
 
As the rule is to very tightly restrict the traffic coming into the interface, which is potentially on a "hostile" net, knowing the IP addresses is very valuable. versrcreach and the like only address source, and not destination.
 
If the address is fixed, you can use a macro language like m4(1) to replace those addresses in all your config files, so they are always in sync (I use a simple makefile to generate the resultant files).

For dynamic addresses, you'll have to hook the appropriate mechanism that installs the addresses on the interfaces. I'm not IPv6 familiar so I won't assume IPv4 methods work.

Personally I prefer awk(1), but YMMV:

sh:
ifconfig lo0 | awk '$1=="inet6"{split($2,p,"%");print p[1];}'
 
Back
Top