From f922ddcc1cf89c966e17fa6502239dc6f71be80d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Markus=20M=C3=A4kel=C3=A4?= Date: Mon, 5 Oct 2020 10:27:16 +0300 Subject: [PATCH] MXS-3207: Document dbfwfilter user addresses The fact that "partial" wildcards aren't supported wasn't clearly documented. --- Documentation/Filters/Database-Firewall-Filter.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/Documentation/Filters/Database-Firewall-Filter.md b/Documentation/Filters/Database-Firewall-Filter.md index 6929318fd..cb14fab91 100644 --- a/Documentation/Filters/Database-Firewall-Filter.md +++ b/Documentation/Filters/Database-Firewall-Filter.md @@ -415,7 +415,19 @@ The second component is a list of user names and network addresses in the format *`user`*`@`*`0.0.0.0`*. The first part is the user name and the second part is the network address. You can use the `%` character as the wildcard to enable user name matching from any address or network matching for all users. After the -list of users and networks the keyword match is expected. +list of users and networks the keyword match is expected. This means that the +following user definitions are supported: + +* `user@host` +* `user@%` +* `%@host` + +Partial wildcards, e.g. `user@192.%` are not supported. + +As MaxScale listens to the IPv6 all address by default, IPv4 addresses will be +mapped into the IPv6 space. This means that the IPv4 address `192.168.0.1` will +show up in MaxScale as `::ffff:192.168.0.1`. Take this into account when +defining the `users` directives. After this either the keyword `any`, `all` or `strict_all` is expected. This defined how the rules are matched. If `any` is used when the first rule is