tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Proposal to apply mask to IP address set on rule



> Let's firewall a subnet for 16 hosts -- QUICK!:
> Is 192.168.33.136/28 on a /28 boundary or not?

Not (of course, given the context):

[Sparkle] 79> echo 192.168.33.136/28 | cidr
192.158.33.128/28
[Sparkle] 80> echo 136 | cvtbase d b
10001000
[Sparkle] 81> 

As for "QUICK", prseumably meaning "do it in your head" - I have yet to
see a case where the few seconds involved in checking it would be
excessive for the benefit.

> I certainly welcome the option to apply "neighbourhood" expressions
> such as "192.168.64.7/24" in ad-hoc tcpdumps and quick firewall
> entries as much as you do.

Maybe 192.168.64.7/24 versus 192.168.64.7\24?  Though which is which
would doubtless be a source of endless bikeshedding.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Home | Main Index | Thread Index | Old Index