From aa76b382afce98927e122cac8ed77f1b3a67563e Mon Sep 17 00:00:00 2001
From: invalidator <9765843+invalidator@users.noreply.github.com>
Date: Sun, 24 Feb 2019 17:39:54 +0100
Subject: [PATCH] Document IPv6 usage in sample config:

- Explain how to bind to both IPv4 and IPv6 interfaces
- Provide a hint in the default [port_peer] section
- Do not enable it by default

Note that on Linux, use of '::' and IPv4-mapped IPv6 depends on a sysctl value
setting 'net.ipv6.bindv6only = 0' which seems to be the default on most Linux
distributions.
---
 cfg/rippled-example.cfg | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/cfg/rippled-example.cfg b/cfg/rippled-example.cfg
index 7e3033d7e..b4a0aa763 100644
--- a/cfg/rippled-example.cfg
+++ b/cfg/rippled-example.cfg
@@ -147,7 +147,11 @@
 #   ip = <IP-address>
 #
 #       Required. Determines the IP address of the network interface to bind
-#       to. To bind to all available interfaces, uses 0.0.0.0
+#       to. To bind to all available IPv4 interfaces, use 0.0.0.0
+#       To binding to all IPv4 and IPv6 interfaces, use ::
+#
+#       NOTE    if the ip value is ::, then any incoming IPv4 connections will
+#               be made as mapped IPv4 addresses.
 #
 #   port = <number>
 #
@@ -199,11 +203,17 @@
 #
 #       When set, grants administrative command access to the specified IP
 #       addresses. These commands may be issued over http, https, ws, or wss
-#       if configured on the port. If unspecified, the default is to not allow
+#       if configured on the port. If not provided, the default is to not allow
 #       administrative commands.
 #
+#       NOTE    A common configuration value for the admin field is "localhost".
+#               If you are listening on all IPv4/IPv6 addresses by specifing
+#               ip = :: then you can use admin = ::ffff:127.0.0.1,::1 to allow
+#               administrative access from both IPv4 and IPv6 localhost
+#               connections.
+#
 #       *SECURITY WARNING*
-#       0.0.0.0 may be specified to allow access from any IP address. It must
+#       0.0.0.0 or :: may be used to allow access from any IP address. It must
 #       be the only address specified and cannot be combined with other IPs.
 #       Use of this address can compromise server security, please consider its
 #       use carefully.
@@ -1152,6 +1162,8 @@ protocol = http
 [port_peer]
 port = 51235
 ip = 0.0.0.0
+# alternatively, to accept connections on IPv4 + IPv6, use:
+#ip = ::
 protocol = peer
 
 [port_ws_admin_local]