From 48c6242a7bd90ff5cf48f66a8a14d3e1e08666cb Mon Sep 17 00:00:00 2001
From: Stanislav Chzhen <s.chzhen@adguard.com>
Date: Tue, 16 Apr 2024 17:33:34 +0300
Subject: [PATCH] Pull request 2201: 6192-access-ipv6-zone

Updates #6192.

Squashed commit of the following:

commit e98c2f0fff0d617bff36f1bb583b1a95fe3a1af9
Merge: 4dd9218d4 6f7d5cc4b
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Apr 16 17:24:38 2024 +0300

    Merge branch 'master' into 6192-access-ipv6-zone

commit 4dd9218d4eee5918c152ca768f5a0a5ed19bfa6f
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Apr 16 16:12:24 2024 +0300

    all: upd chlog

commit e126e12f7024aaf9bb4d9abe0acbc5c1ccf00977
Merge: d57c34c51 201ac73cf
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Tue Apr 16 14:34:45 2024 +0300

    Merge branch 'master' into 6192-access-ipv6-zone

commit d57c34c51d2d5f6324c96e26a5a7c4134cae3a7f
Merge: decb768d3 df7f19eb8
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Mon Apr 15 16:26:57 2024 +0300

    Merge branch 'master' into 6192-access-ipv6-zone

commit decb768d3b9a9352f8012ae1f3e112d5774e5428
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Apr 11 17:06:54 2024 +0300

    all: upd chlog

commit c8184bef8f3ec579049b4ac6b8451b611ae66e17
Merge: 5e0059b51 ff7c715c5
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Thu Apr 11 16:52:10 2024 +0300

    Merge branch 'master' into 6192-access-ipv6-zone

commit 5e0059b5199466ea88b246d1fc27563fc71af6d3
Author: Stanislav Chzhen <s.chzhen@adguard.com>
Date:   Wed Apr 10 16:59:37 2024 +0300

    dnsforward: access ipv6 zone
---
 CHANGELOG.md                  | 3 +++
 internal/dnsforward/access.go | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a0cf3821..7a276ffc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,8 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 ### Fixed
 
+- Support for link-local subnets, i.e. `fe80::/16`, in the access settings
+  ([#6192]).
 - The ability to apply an invalid configuration for private RDNS, which led to
   server inoperability.
 - Ignoring query log for clients with ClientID set ([#5812]).
@@ -40,6 +42,7 @@ NOTE: Add new changes BELOW THIS COMMENT.
 
 [#5345]: https://github.com/AdguardTeam/AdGuardHome/issues/5345
 [#5812]: https://github.com/AdguardTeam/AdGuardHome/issues/5812
+[#6192]: https://github.com/AdguardTeam/AdGuardHome/issues/6192
 [#6854]: https://github.com/AdguardTeam/AdGuardHome/issues/6854
 [#6875]: https://github.com/AdguardTeam/AdGuardHome/issues/6875
 
diff --git a/internal/dnsforward/access.go b/internal/dnsforward/access.go
index c4d6c591..c6c6beab 100644
--- a/internal/dnsforward/access.go
+++ b/internal/dnsforward/access.go
@@ -156,7 +156,10 @@ func (a *accessManager) isBlockedIP(ip netip.Addr) (blocked bool, rule string) {
 	}
 
 	for _, ipnet := range ipnets {
-		if ipnet.Contains(ip) {
+		// Remove zone before checking because prefixes stip zones.
+		//
+		// TODO(d.kolyshev):  Cover with tests.
+		if ipnet.Contains(ip.WithZone("")) {
 			return blocked, ipnet.String()
 		}
 	}