tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Proposal to apply mask to IP address set on rule
Emmanuel Nyarko <emmankoko519%gmail.com@localhost> writes:
> Supposed we want to block or pass packets from a subnet
Be careful between
packet arriving on a particular interface
packets with a source address from a particular IP prefix assigned to
some ethernet
> Say 192.168.64 subnet.(24 bits masking)
>
> So if We
> "pass from 192.168.64.7/24" on a rule.
>
> Is it ideal to also match all packets from 192.168.64 subnet ? As it would if we passed as
> 192.168.64.0/24 on rule.
I don't follo "ideal" but I would find it super surprising if this
didn't already work.
Whether the masked portion is 0 or something I think shouldn't matter
and shouldn't get a warning. I often leave that in a file while
blocking a /24, to record the offender and block the neighborhood.
What are you trying that you find doesn't work, or that code reading or
docs says won't?
Home |
Main Index |
Thread Index |
Old Index