tech-net archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Proposal to apply mask to IP address set on rule
> Let's firewall a subnet for 16 hosts -- QUICK!:
> Is 192.168.33.136/28 on a /28 boundary or not?
Not (of course, given the context):
[Sparkle] 79> echo 192.168.33.136/28 | cidr
192.158.33.128/28
[Sparkle] 80> echo 136 | cvtbase d b
10001000
[Sparkle] 81>
As for "QUICK", prseumably meaning "do it in your head" - I have yet to
see a case where the few seconds involved in checking it would be
excessive for the benefit.
> I certainly welcome the option to apply "neighbourhood" expressions
> such as "192.168.64.7/24" in ad-hoc tcpdumps and quick firewall
> entries as much as you do.
Maybe 192.168.64.7/24 versus 192.168.64.7\24? Though which is which
would doubtless be a source of endless bikeshedding.
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index