tech-net archive


Re: Proposal to apply mask to IP address set on rule



On Sat, May 24, 2025 at 11:29:48AM -0700, Greg A. Woods wrote:
> At Sat, 24 May 2025 16:50:09 +0200, Christoph Badura <bad%bsd.de@localhost> wrote:
> Subject: Re: Proposal to apply mask to IP address set on rule
> >
> > On Sat, May 24, 2025 at 01:23:41PM +0200, Martin Neitzel wrote:
> > > GT> So far nobody has given examples of actual misconfigurations that would
> > > GT> benefit from warnings.
> > >
> > > Let's firewall a subnet for 16 hosts -- QUICK!:
> > > Is 192.168.33.136/28 on a /28 boundary or not?
> >
> > I see what you mean.  And I've seen that happen.
> 
> This example is most absurd!
> 
> Where did the "192.168.33.136" come from?
> 
> Where did the "16" come from?  (no IPv4 subnet has 16 hosts!  16
> addresses, yes, but not 16 _hosts_)
> 
> How is this possibly related to firewall rules?  What's the rationale?
> 
> What does it even mean to ask "is this on a /N 'boundary'?????".  Why do
> you need to know, or care?
> 
> I'm not even sure what you're trying to imply here Christoph.

You'd have to ask Martin, not me.  He gave the example. :-)

I do think you are excessively nitpicking over casual phrasing.  And I don't
find it productive to the discussion.

--chris
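
The check the quoted example turns on, as an added example that is not part of the thread or of any NetBSD code: given an "address/prefix" string, it applies the mask and reports whether the written address has bits set below the prefix length. The `cidr_check` struct and `cidr_check_parse` function are hypothetical names, and the sample strings in `main` are constructed.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type: result of checking one "a.b.c.d/len" string. */
struct cidr_check {
    uint32_t addr;     /* address as written, host byte order */
    uint32_t network;  /* address with the mask applied */
    uint32_t last;     /* last address covered by network/len */
    int host_bits_set; /* 1 if addr differs from network */
};

/* Returns 0 on success, -1 on malformed input. */
int cidr_check_parse(const char *s, struct cidr_check *out)
{
    char buf[INET_ADDRSTRLEN];
    const char *slash = strchr(s, '/');
    struct in_addr ia;
    char *end;
    if (slash == NULL || (size_t)(slash - s) >= sizeof(buf))
        return -1;
    memcpy(buf, s, (size_t)(slash - s));
    buf[slash - s] = '\0';
    if (inet_pton(AF_INET, buf, &ia) != 1)
        return -1;
    long len = strtol(slash + 1, &end, 10);
    if (end == slash + 1 || *end != '\0' || len < 0 || len > 32)
        return -1;
    /* Shifting a 32-bit value by 32 is undefined in C, so /0 is special-cased. */
    uint32_t mask = len == 0 ? 0 : 0xffffffffu << (32 - len);
    out->addr = ntohl(ia.s_addr);
    out->network = out->addr & mask;
    out->last = out->network | ~mask;
    out->host_bits_set = out->addr != out->network;
    return 0;
}

int main(void)
{
    /* Constructed inputs; the first is the address quoted in the thread. */
    const char *in[] = { "192.168.33.136/28", "192.168.33.128/28" };
    struct cidr_check c;
    for (size_t i = 0; i < 2; i++)
        if (cidr_check_parse(in[i], &c) == 0)
            printf("%s: %s\n", in[i], c.host_bits_set ? "host bits set" : "on boundary");
    return 0;
}
```

For 192.168.33.136/28 the masked network is 192.168.33.128 and the last covered address is 192.168.33.143, so the address as written is not the network address.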

