Re: Proposal to apply mask to IP address set on rule

To: tech-net%NetBSD.org@localhost
Subject: Re: Proposal to apply mask to IP address set on rule
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Sat, 24 May 2025 08:25:56 -0400 (EDT)

> Let's firewall a subnet for 16 hosts -- QUICK!:
> Is 192.168.33.136/28 on a /28 boundary or not?

Not (of course, given the context):

[Sparkle] 79> echo 192.168.33.136/28 | cidr
192.158.33.128/28
[Sparkle] 80> echo 136 | cvtbase d b
10001000
[Sparkle] 81> 

As for "QUICK", prseumably meaning "do it in your head" - I have yet to
see a case where the few seconds involved in checking it would be
excessive for the benefit.

> I certainly welcome the option to apply "neighbourhood" expressions
> such as "192.168.64.7/24" in ad-hoc tcpdumps and quick firewall
> entries as much as you do.

Maybe 192.168.64.7/24 versus 192.168.64.7\24?  Though which is which
would doubtless be a source of endless bikeshedding.

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

References:
- Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Christoph Badura
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Mouse
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Greg Troxel
- Re: Proposal to apply mask to IP address set on rule
  - From: Martin Neitzel

Prev by Date: Re: Proposal to apply mask to IP address set on rule
Next by Date: Re: Proposal to apply mask to IP address set on rule
Previous by Thread: Re: Proposal to apply mask to IP address set on rule
Next by Thread: Re: Proposal to apply mask to IP address set on rule
Indexes:

Home | Main Index | Thread Index | Old Index