On 08/04/2016 11:59 πμ, Daniel Schneller wrote: > Hi! > > I noticed that while this ACL matches my source IP of 192.168.42.123: > > acl src_internal_net src 192.168.42.0/24 > > this one does _not_: > > acl src_internal_net src 192.168.42/24 > > While not strictly part of RFC 4632 (yet), leaving out trailing .0 > octets is a very common notation and is probably going to be included > in a future RFC update (as per Errata 1577): > https://www.rfc-editor.org/errata_search.php?rfc=4632&eid=1577 > > If there are concerns against this notation, the config parser should > at least issue a WARNING or even ERROR about this, because I found it > it quite confusing. Especially if ACLs are used for actual access > control, this can have nasty consequences. > > What do you think? >
I had a similar discussion with a colleague for another software and I am against it: 1) In 2016 it is a bit weird to speak about classful networks 2) In may introduce ambiguity due to #2 But, this is my personal opinion. Cheers, Pavlos
signature.asc
Description: OpenPGP digital signature