tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Proposal to apply mask to IP address set on rule



At Fri, 23 May 2025 08:34:36 +0200, Edgar Fuß <ef%math.uni-bonn.de@localhost> wrote:
Subject: Re: Proposal to apply mask to IP address set on rule
> 
> I would say that 192.168.123.248/28 is almost always an error, where you 
> either meant 192.168.123.240/28 or 192.168.123.248/29.

Huh?

Why would it be an error?

A bitmask is a bitmask -- apply the mask to the value and use the
result!

Perhaps, as Christoph noted in a separate message, there may be some
merit in warning when the mask has non-contiguous set bits, but that's
clearly never the case with the "/bits" form.


> As is 192.168.123.0/8, 

Well perhaps that is worth a warning, but only because RFC 1918 defines
192.168/16 as a special subnet, and so widening it beyond 16 bits is the
only questionable part.

> where you probably swapped net and host len and meant /24.

That makes no sense to me whatsoever.

-- 
					Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675           RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>     Avoncote Farms <woods%avoncote.ca@localhost>

Attachment: pgpZqnDuXLfDX.pgp
Description: OpenPGP Digital Signature



Home | Main Index | Thread Index | Old Index