At Fri, 23 May 2025 08:34:36 +0200, Edgar Fuß <ef%math.uni-bonn.de@localhost> wrote: Subject: Re: Proposal to apply mask to IP address set on rule > > I would say that 192.168.123.248/28 is almost always an error, where you > either meant 192.168.123.240/28 or 192.168.123.248/29. Huh? Why would it be an error? A bitmask is a bitmask -- apply the mask to the value and use the result! Perhaps, as Christoph noted in a separate message, there may be some merit in warning when the mask has non-contiguous set bits, but that's clearly never the case with the "/bits" form. > As is 192.168.123.0/8, Well perhaps that is worth a warning, but only because RFC 1918 defines 192.168/16 as a special subnet, and so widening it beyond 16 bits is the only questionable part. > where you probably swapped net and host len and meant /24. That makes no sense to me whatsoever. -- Greg A. Woods <gwoods%acm.org@localhost> Kelowna, BC +1 250 762-7675 RoboHack <woods%robohack.ca@localhost> Planix, Inc. <woods%planix.com@localhost> Avoncote Farms <woods%avoncote.ca@localhost>
Attachment:
pgpZqnDuXLfDX.pgp
Description: OpenPGP Digital Signature