Re: Proposal to apply mask to IP address set on rule

[Emmanuel Nyarko <emmankoko519%gmail.com@localhost>]

On 24 May 2025, at 3:53 PM, Vadim Goncharov <vadimnuclight%gmail.com@localhost> wrote:

On Sat, 24 May 2025 06:35:53 -0400
Greg Troxel <gdt%lexort.com@localhost> wrote:

It would be good if someone(tm) surveyed the N firewalls out there (all,
not just ones that run on NetBSD) to see what the broad practice is
about non-zero host bits.  My experience is somewhat limited, but I've
never run into errors or warnings.

As for FreeBSD 13.4's ipfw, it masks on add and echoes it back:

# ipfw add 2345 deny ip from 192.168.64.7/24 to any // tech-net%NetBSD.org@localhost
02345 deny ip from 192.168.64.0/24 to any // tech-net%NetBSD.org@localhost

FreeBSD applying the mask quickly to rule ip….

--
WBR, @nuclight

Emmanuel