Re: Proposal to apply mask to IP address set on rule

To: tech-net%netbsd.org@localhost
Subject: Re: Proposal to apply mask to IP address set on rule
From: mlelstv%serpens.de@localhost (Michael van Elst)
Date: Sat, 24 May 2025 20:29:45 -0000 (UTC)

woods%planix.ca@localhost ("Greg A. Woods") writes:

>Some have suggested they've "seen warnings or rejects" before, but
>nobody has given a concrete reference, except for me [tcpdump, where it
>causes nothing but annoyance and requires extra effort to work around].

Access lists for Squid and Varnish web caches both warn you about
about a bad subnet definition with nonzero host part and tell you
how they "fix" it (by zeroing the host part).

Wireguard warns you about a nozero host part (probably then
ignores it then).

libwwrap (tcpwrappers) warns you about non-zero host bits (and ignores them).

So, at least warnings aren't that rare.

Follow-Ups:
- Re: Proposal to apply mask to IP address set on rule
  - From: Greg A. Woods

References:
- Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Christoph Badura
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Mouse
- Re: Proposal to apply mask to IP address set on rule
  - From: Emmanuel Nyarko
- Re: Proposal to apply mask to IP address set on rule
  - From: Greg Troxel
- Re: Proposal to apply mask to IP address set on rule
  - From: Martin Neitzel
- Re: Proposal to apply mask to IP address set on rule
  - From: Christoph Badura
- Re: Proposal to apply mask to IP address set on rule
  - From: Greg A. Woods

Prev by Date: Re: Proposal to apply mask to IP address set on rule
Next by Date: Re: Proposal to apply mask to IP address set on rule
Previous by Thread: Re: Proposal to apply mask to IP address set on rule
Next by Thread: Re: Proposal to apply mask to IP address set on rule
Indexes:

Home | Main Index | Thread Index | Old Index