Re: Proposal to apply mask to IP address set on rule

[mlelstv%serpens.de@localhost (Michael van Elst)]

gdt%lexort.com@localhost (Greg Troxel) writes:

>Firewall rules are not routing.  They are filtering.

>I think the only problem here is that some people don't want other
>people to write 192.168.64.7/24 in firewall rules, as they have been
>doing for years, and have it work.


I have seen both, host-bits being silently masked and host-bits != 0
being rejected.

My personal preference would be rejection to catch bad masks and
some explicit syntax like a function to compute the masked value
together with other functions for address arithmetic.