Re: Proposal to apply mask to IP address set on rule

To: Greg Troxel <gdt%lexort.com@localhost>
Subject: Re: Proposal to apply mask to IP address set on rule
From: Gert Doering <gert%greenie.muc.de@localhost>
Date: Sat, 24 May 2025 14:02:41 +0200

Hi,

On Sat, May 24, 2025 at 06:35:53AM -0400, Greg Troxel wrote:
> So far nobody has given examples of actual misconfigurations that would
> benefit from warnings.

That's mostly because you ignored the examples given - with an IPv4 /28,
when writing ".232/28", would that mean "I want to really block the 
subnet starting at .224, ending at .239?" or "I did the math incorrectly
and want to block ".232-.248" (which cannot be expressed by a /28).

This is why I agree that a warning can be useful, or making it explicit
how things are evaluated ("x.x.x.232/28 parsed as x.x.x.224/28").

I also agree that the behaviour of "just not matching things if such a
config is given" is the worst choice :-)

gert

-- 
Gert Doering - Munich, Germany                             gert%greenie.muc.de@localhost

References:
- Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Christoph Badura
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Mouse
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Greg Troxel

Prev by Date: Re: Proposal to apply mask to IP address set on rule
Next by Date: Re: Proposal to apply mask to IP address set on rule
Previous by Thread: Re: Proposal to apply mask to IP address set on rule
Next by Thread: Re: Proposal to apply mask to IP address set on rule
Indexes:

Home | Main Index | Thread Index | Old Index