# Robust sh script to obtain all IPv6 address on an interface?



## jef (May 3, 2018)

While ipfw supplies me6, I need the list of IPv6 addresses for a _specific_ interface to be used in an ipfw ruleset.

"Screen scraping" ifconfig is one option, but having a firewall at the whim of the human-readable output of even ifconfig is concerning. 

Is there a better way with the "stock" tools available during boot phases?


```
ifconfig <some_interface> | sed -E -n -e 's/^[[:space:]]*inet6 ([0-9a-f:]+)[^0-9a-f:].*$/\1/p'
```


----------



## VladiBG (May 3, 2018)

Can you just use the interface name in ipfw rule?


----------



## jef (May 3, 2018)

As the rule is to very tightly restrict the traffic coming into the interface, which is potentially on a "hostile" net, knowing the IP addresses is very valuable. versrcreach and the like only address _source, _and not _destination._


----------



## leebrown66 (May 4, 2018)

If the address is fixed, you can use a macro language like m4(1) to replace those addresses in all your config files, so they are always in sync (I use a simple makefile to generate the resultant files).

For dynamic addresses, you'll have to hook the appropriate mechanism that installs the addresses on the interfaces.  I'm not IPv6 familiar so I won't assume IPv4 methods work.

Personally I prefer awk(1), but YMMV:


```
ifconfig lo0 | awk '$1=="inet6"{split($2,p,"%");print p[1];}'
```


----------

