Skip to content

"rpcallowip=" configuration directive doesn't accept RFC4193 addresses #32433

New issue
New issue
Closed
#32539
Closed
"rpcallowip=" configuration directive doesn't accept RFC4193 addresses#32433
#32539
Labels
RPC/REST/ZMQSettings
@amg1127

Description

@amg1127
amg1127
opened on May 7, 2025

Is there an existing issue for this?

  • I have searched the existing issues

Current behaviour

I have a local dual-stack network using RFC1918 addresses on IPv4 stack and RFC4193 addresses on IPv6 stack. I would like to restrict the access to RPC ports of Bitcoin Core nodes running in the network based on the source address of the connections. However, Bitcoin Core 29.0 doesn't accept rpcallowip= directives that specify addresses under the [fc00::/7] IP block.

Expected behaviour

Bitcoin Core should accept addresses under the [fc00::/7] IP block defined via rpcallowip= directives, and perform access control according to the list of network blocks specified via configuration or command line.

Steps to reproduce

Run the command line specified below on a CentOS Stream 9 machine connected to the internet.

$ curl --no-progress-meter -L 'https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0-x86_64-linux-gnu.tar.gz' | tar zx && mkdir -p data && ./bitcoin-29.0/bin/bitcoind '-rpcbind=[::]:8332' '-rpcallowip=fc00:db8:c0:ff:ee::/80'

Relevant log output

[admin@centos9-stream-a ~]$ curl --no-progress-meter -L 'https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0-x86_64-linux-gnu.tar.gz' | tar zx && mkdir -p data && ./bitcoin-29.0/bin/bitcoind '-rpcbind=[::]:8332' '-rpcallowip=fc00:db8:c0:ff:ee::/80'
2025-05-07T07:10:45Z Bitcoin Core version v29.0.0 (release build)
2025-05-07T07:10:45Z Using the 'sse4(1way),sse41(4way),avx2(8way)' SHA256 implementation
2025-05-07T07:10:45Z Using RdSeed as an additional entropy source
2025-05-07T07:10:45Z Using RdRand as an additional entropy source
2025-05-07T07:10:45Z Default data directory /home/admin/.bitcoin
2025-05-07T07:10:45Z Using data directory /home/admin/.bitcoin
2025-05-07T07:10:45Z Config file: /home/admin/.bitcoin/bitcoin.conf (not found, skipping)
2025-05-07T07:10:45Z Command-line arg: rpcallowip="fc00:db8:c0:ff:ee::/80"
2025-05-07T07:10:45Z Command-line arg: rpcbind="[::]:8332"
2025-05-07T07:10:45Z Using at most 125 automatic connections (1024 file descriptors available)
2025-05-07T07:10:45Z scheduler thread start
2025-05-07T07:10:45Z [error] Invalid -rpcallowip subnet specification: fc00:db8:c0:ff:ee::/80. Valid are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24).
Error: Invalid -rpcallowip subnet specification: fc00:db8:c0:ff:ee::/80. Valid are a single IP (e.g. 1.2.3.4), a network/netmask (e.g. 1.2.3.4/255.255.255.0) or a network/CIDR (e.g. 1.2.3.4/24).
2025-05-07T07:10:45Z [error] Unable to start HTTP server. See debug log for details.
Error: Unable to start HTTP server. See debug log for details.
2025-05-07T07:10:45Z Shutdown: In progress...
2025-05-07T07:10:45Z scheduler thread exit
2025-05-07T07:10:45Z Shutdown: done

--

RFC3849 addresses are accepted:

[admin@centos9-stream-a ~]$ curl --no-progress-meter -L 'https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0-x86_64-linux-gnu.tar.gz' | tar zx && mkdir -p data && ./bitcoin-29.0/bin/bitcoind '-rpcbind=[::]:8332' '-rpcallowip=2001:db8:c0:ff:ee::/80'
2025-05-07T07:11:56Z Bitcoin Core version v29.0.0 (release build)
2025-05-07T07:11:56Z Using the 'sse4(1way),sse41(4way),avx2(8way)' SHA256 implementation
2025-05-07T07:11:56Z Using RdSeed as an additional entropy source
2025-05-07T07:11:56Z Using RdRand as an additional entropy source
2025-05-07T07:11:56Z Default data directory /home/admin/.bitcoin
2025-05-07T07:11:56Z Using data directory /home/admin/.bitcoin
2025-05-07T07:11:56Z Config file: /home/admin/.bitcoin/bitcoin.conf (not found, skipping)
2025-05-07T07:11:56Z Command-line arg: rpcallowip="2001:db8:c0:ff:ee::/80"
2025-05-07T07:11:56Z Command-line arg: rpcbind="[::]:8332"
2025-05-07T07:11:56Z Using at most 125 automatic connections (1024 file descriptors available)
2025-05-07T07:11:56Z scheduler thread start
2025-05-07T07:11:56Z Binding RPC on address :: port 8332
2025-05-07T07:11:56Z WARNING: the RPC server is not safe to expose to untrusted networks such as the public internet
2025-05-07T07:11:56Z Generated RPC authentication cookie /home/admin/.bitcoin/.cookie
2025-05-07T07:11:56Z Permissions used for cookie: rw-------
2025-05-07T07:11:56Z Using random cookie authentication.
2025-05-07T07:11:56Z Starting HTTP server with 16 worker threads
2025-05-07T07:11:56Z Using wallet directory /home/admin/.bitcoin/wallets
2025-05-07T07:11:56Z init message: Verifying wallet(s)…
2025-05-07T07:11:56Z Using /16 prefix for IP bucketing
2025-05-07T07:11:56Z init message: Loading P2P addresses…
2025-05-07T07:11:56Z Creating peers.dat because the file was not found ("/home/admin/.bitcoin/peers.dat")
2025-05-07T07:11:56Z init message: Loading banlist…
2025-05-07T07:11:56Z Recreating the banlist database
2025-05-07T07:11:56Z SetNetworkActive: true
2025-05-07T07:11:56Z /home/admin/.bitcoin/fee_estimates.dat is not found. Continue anyway.

^C

How did you obtain Bitcoin Core

Pre-built binaries

What version of Bitcoin Core are you using?

Bitcoin Core daemon version v29.0.0

Operating system and version

CentOS Stream release 9

Machine specifications

QEMU/KVM virtual machine

Metadata

Metadata

Assignees

No one assigned

    Labels

    RPC/REST/ZMQSettings

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions