At Fri, 23 May 2025 17:05:01 -0400 (EDT), Mouse <mouse%Rodents-Montreal.ORG@localhost> wrote:
Subject: Re: Proposal to apply mask to IP address set on rule
>
> >> As is 192.168.123.0/8,
>
> [...]
> >> where you probably swapped net and host len and meant /24
> > That makes no sense to me whatsoever.
>
> 192.18.123.0/24 is 24 bits of network, 8 of host.  It's easy enough to
> mentally swap those and write /8 instead, counting the host bits
> instead of the network bits.

I've almost never ever counted or considered the host bits when writing a subnet specification, and _especially_ not ever when writing a filter rule.

Subnets have a number of bits to represent the network address, and the number of bits left over to specify hosts is of course then implied by the subnet "size".

I would only ever do the subtraction to find the number of host bits if I was critically concerned that there would be room enough in the subnet for some expected number of hosts, but I would probably only have to do that if I was designing a subnetting scheme.

In fact when I'm writing filter rules to block out network offenders I typically cut&paste the address of an example remote host causing problems, paste it into a rule, then run "jwhois" on the same address, and finally copy the reported CIDR subnet size into the rule as well, appending it to the address, if I want to block the whole origin subnet.

--
Greg A. Woods <gwoods%acm.org@localhost>

Kelowna, BC     +1 250 762-7675
RoboHack <woods%robohack.ca@localhost>
Planix, Inc. <woods%planix.com@localhost>
Avoncote Farms <woods%avoncote.ca@localhost>
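The mask application named in the thread's subject, sketched as an added example (not code from this message or from the project under discussion): it clears the host bits of an "address/prefix" operand and reports any that were set, which covers both the /8 typo quoted above and a pasted host address with a CIDR size appended. The names `cidr_result` and `cidr_normalize` are hypothetical, and the inputs are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result type for a normalized "address/prefix" rule operand. */
struct cidr_result {
    uint32_t network;    /* address with host bits cleared (host byte order) */
    uint32_t stray_bits; /* host bits that were set in the input, 0 if none */
    int prefix_len;      /* number of network bits, 0..32 */
};

/* Parse "a.b.c.d/len" and apply the mask. Returns 0 on success, -1 on bad input. */
int cidr_normalize(const char *spec, struct cidr_result *out)
{
    char buf[INET_ADDRSTRLEN], *end;
    const char *slash = strchr(spec, '/');
    struct in_addr ia;
    if (slash == NULL || (size_t)(slash - spec) >= sizeof(buf))
        return -1;
    memcpy(buf, spec, (size_t)(slash - spec));
    buf[slash - spec] = '\0';
    if (inet_pton(AF_INET, buf, &ia) != 1)
        return -1;
    long len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32)
        return -1;
    /* A shift by 32 is undefined in C, so /0 gets an explicit empty mask. */
    uint32_t mask = (len == 0) ? 0 : 0xffffffffu << (32 - len);
    uint32_t addr = ntohl(ia.s_addr);
    out->network = addr & mask;
    out->stray_bits = addr & ~mask;
    out->prefix_len = (int)len;
    return 0;
}

int main(void)
{
    /* Constructed inputs: the /8 form quoted in the thread, and a pasted host + prefix. */
    const char *specs[] = { "192.168.123.0/8", "192.168.123.45/24" };
    for (size_t i = 0; i < sizeof(specs) / sizeof(specs[0]); i++) {
        struct cidr_result r;
        char txt[INET_ADDRSTRLEN];
        if (cidr_normalize(specs[i], &r) != 0)
            continue;
        struct in_addr n = { .s_addr = htonl(r.network) };
        inet_ntop(AF_INET, &n, txt, sizeof(txt));
        printf("%s -> %s/%d%s\n", specs[i], txt, r.prefix_len,
            r.stray_bits ? " (host bits were set)" : "");
    }
    return 0;
}
```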