all: upd chlog

CHANGELOG.md

@@ -25,6 +25,8 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 ### Added
 
+- Support for link-local subnets, i.e. `fe80::/16`, in the access settings
+  ([#6192]).
 - Support for comments in the ipset file ([#5345]).
 
 ### Fixed
@@ -36,6 +38,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
   ([#6875]).
 
 [#5345]: https://github.com/AdguardTeam/AdGuardHome/issues/5345
+[#6192]: https://github.com/AdguardTeam/AdGuardHome/issues/6192
 [#6854]: https://github.com/AdguardTeam/AdGuardHome/issues/6854
 [#6875]: https://github.com/AdguardTeam/AdGuardHome/issues/6875
 

internal/dnsforward/access.go

@@ -47,7 +47,7 @@ func processAccessClients(
 		var ip netip.Addr
 		var ipnet netip.Prefix
 		if ip, err = netip.ParseAddr(s); err == nil {
-			ips.Add(ip.WithZone(""))
+			ips.Add(ip)
 		} else if ipnet, err = netip.ParsePrefix(s); err == nil {
 			*nets = append(*nets, ipnet)
 		} else {
@@ -140,8 +140,6 @@ func (a *accessManager) isBlockedHost(host string, qt rules.RRType) (ok bool) {
 // isBlockedIP returns the status of the IP address blocking as well as the rule
 // that blocked it.
 func (a *accessManager) isBlockedIP(ip netip.Addr) (blocked bool, rule string) {
-	ip = ip.WithZone("")
-
 	blocked = true
 	ips := a.blockedIPs
 	ipnets := a.blockedNets
@@ -158,7 +156,10 @@ func (a *accessManager) isBlockedIP(ip netip.Addr) (blocked bool, rule string) {
 	}
 
 	for _, ipnet := range ipnets {
-		if ipnet.Contains(ip) {
+		// Remove zone before checking because prefixes stip zones.
+		//
+		// TODO(d.kolyshev):  Cover with tests.
+		if ipnet.Contains(ip.WithZone("")) {
 			return blocked, ipnet.String()
 		}
 	}