tech-net archive
Re: Proposal to apply mask to IP address set on rule
Emmanuel Nyarko <emmankoko519%gmail.com@localhost> writes:
>> On 21 May 2025, at 10:11 PM, Greg Troxel <gdt%lexort.com@localhost> wrote:
>>
>> Emmanuel Nyarko <emmankoko519%gmail.com@localhost> writes:
>>
>>> I think a simple warning will do. That rightmost bits are not 0s.
>>
>> Certainly better than silent failure, but I think one should be able to
>> use prefixes like 192.168.1.7/24. As I said, that is a way of
>> documenting that it was .7 that got it added, but that the intent was
>> to block the neighborhood.
> Very good case here. I couldn’t agree more.
>
> But I think that’s information you cannot easily know sometimes. Or?
> Especially when dealing with incident responses after you’re suspecting malicious activities from a source IP and maybe trying to block. Might be from a diff network, etc., so should probably warn to use a .0 when adding a mask.
I am not saying it should be required, or any kind of rule. If someone
wants to put in a subnet with 0 in the host part because that's what
they are thinking about, that's totally fine. I just meant that putting
in a host should be acceptable.
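
The behaviour discussed in this thread (accept a prefix such as 192.168.1.7/24, apply the mask, and let the caller warn when host bits were set), sketched as an added example that is not code from the thread or from the project under discussion. The helper `mask_prefix` and its return convention are hypothetical; it handles IPv4 and IPv6 and prefix lengths that are not a multiple of 8.

```c
#include <sys/socket.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: parse "addr/len" and zero the host bits in addr.
 * Returns -1 on bad input, 0 if the host part was already 0, 1 if masked. */
static int mask_prefix(const char *s, int *af, unsigned char *addr, int *plen)
{
    char buf[INET6_ADDRSTRLEN + 5], *slash, *end;
    size_t i, alen;
    long len;
    int changed = 0;

    if (strlen(s) >= sizeof(buf) || strchr(s, '/') == NULL)
        return -1;
    strcpy(buf, s);
    slash = strchr(buf, '/');
    *slash++ = '\0';
    *af = strchr(buf, ':') != NULL ? AF_INET6 : AF_INET;
    alen = (*af == AF_INET6) ? 16 : 4;
    memset(addr, 0, 16);            /* addr must have room for 16 bytes */
    if (inet_pton(*af, buf, addr) != 1 || *slash < '0' || *slash > '9')
        return -1;
    len = strtol(slash, &end, 10);
    if (*end != '\0' || len > (long)alen * 8)
        return -1;
    for (i = 0; i < alen; i++) {
        long bits = len - (long)i * 8;  /* network bits left for byte i */
        unsigned char m = bits >= 8 ? 0xff :
            bits <= 0 ? 0x00 : (unsigned char)(0xff << (8 - bits));
        if (addr[i] & ~m)
            changed = 1;            /* host bits were set: caller may warn */
        addr[i] &= m;
    }
    *plen = (int)len;
    return changed;
}

int main(void)
{
    unsigned char a[16];
    char out[INET6_ADDRSTRLEN];
    int af, plen;
    /* Constructed input: the prefix used as the example in the thread. */
    if (mask_prefix("192.168.1.7/24", &af, a, &plen) == 1)
        printf("masked to %s/%d\n", inet_ntop(af, a, out, sizeof(out)), plen);
    return 0;
}
```

A return value of 1 is the point at which a rule parser could emit the warning proposed earlier in the thread while still accepting the entry.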