On 30/07/2016 10:17 PM, Dr. Rolf Jansen wrote:

I am still a little bit amazed how ipfw comes to accept incorrect CIDR ranges 
and arbitrarily moves the start/end addresses in order to achieve CIDR 
conformity, and that without any further notice, and that given that ipfw can 
be considered as being quite relevant to system security. Or, may I assume that 
ipfw knows always better than the user what should be allowed or denied? 
Otherwise, perhaps I am the only one ever who input incorrect CIDR ranges for 
processing by ipfw.

It's not so amazing when you think about it. The code comes from the routing table.

In this context a.b.c.d/N means "the range of addresses containing a.b.c.d, masked to a length of N". There is no specification that a.b.c.d is the first address of the range. I have relied upon this behaviour many times.


Best regards

Rolf

_______________________________________________
freebsd-ipfw@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
To unsubscribe, send any mail to "freebsd-ipfw-unsubscr...@freebsd.org"
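The masking semantics discussed in this thread, as an added example that is not part of the original messages and is not ipfw's own code: a pre-flight check that uses Python's `ipaddress` module to show the range a rule written as a.b.c.d/N covers once the address is masked to N bits, and flags entries whose written address is not the first address of that range. The function names and the sample entries (documentation address ranges) are constructed for illustration.

```python
import ipaddress

def effective_range(cidr):
    """Model 'a.b.c.d masked to a length of N' for one a.b.c.d/N string.

    Returns (network, first, last, below): the masked network, its first
    and last address, and how many matched addresses lie below the
    address as it was written.
    """
    iface = ipaddress.ip_interface(cidr)   # keeps the address as written
    net = iface.network                    # same address masked to N bits
    below = int(iface.ip) - int(net.network_address)
    return net, net.network_address, net.broadcast_address, below

def audit(cidrs):
    """Return one finding per entry whose written address is not the
    first address of the range it ends up matching."""
    findings = []
    for cidr in cidrs:
        net, first, last, below = effective_range(cidr)
        if below:
            findings.append((cidr, str(net), str(first), str(last), below))
    return findings

# Constructed sample input (RFC 5737 documentation ranges).
SAMPLE = [
    "192.0.2.0/24",        # aligned: written address is the range start
    "192.0.2.77/26",       # not aligned: masks down to 192.0.2.64
    "198.51.100.130/25",   # not aligned: masks down to 198.51.100.128
]

if __name__ == "__main__":
    for cidr, net, first, last, below in audit(SAMPLE):
        print(f"{cidr}: matches {first}-{last} ({net}), "
              f"{below} address(es) below the one written")
```

Running the check over a rule set's address list before loading it makes the silent normalization visible, so a rule that covers more than its author wrote is caught at review time.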

