On Thu, Jan 10, 2013 at 07:22:53AM -0500, James wrote:
>
> I would expect that if I entered: 192.168.123.3/24 (technically not a
> whole network, but actually a single host in a /24 sized network), that
> only 192.168.123.3 would follow this rule. It turns out this actually
> will apply the rule to the 192.168.123.0/24 network. (Although I didn't
> exhaustively test this.)
>

The way to specify what you want is 192.168.123.3/32.

> Can this bug be corrected? The advantage is that other scripts and
> what-nots that use a single "ip/cidr" variable to refer to one host can
> be dropped in without worrying that we'll open up the whole network. If
> ip is a network start, then we know it means the whole thing.
>

It is not a bug. The purpose of the bit mask is to specify which bits
form a valid part of the network address versus the host address. Having
192.168.123.3/24 refer to the "single host 192.168.123.3" rather than
"the network 192.168.123" violates the principle of least surprise.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
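An added example, not part of the original thread and not Shorewall code: a pre-flight check for scripts that pass a single "ip/cidr" variable into a firewall rule. It models the mask semantics described in the reply using Python's standard `ipaddress` module; the function names and the sample entries are constructed for illustration.

```python
import ipaddress


def audit_source(spec):
    """Report what a mask-based matcher covers for an 'ip/prefix' string."""
    iface = ipaddress.ip_interface(spec)   # tolerates host bits being set
    net = iface.network                    # address ANDed with the mask
    single = f"{iface.ip}/{iface.ip.max_prefixlen}"  # /32 (IPv4) or /128 (IPv6)
    return {
        "spec": spec,
        "matches": str(net),
        "addresses": net.num_addresses,
        # Host bits set means the author probably meant one host,
        # but the rule will match the whole enclosing network.
        "host_bits_set": iface.ip != net.network_address,
        "single_host_form": single,
    }


def strict_network(spec):
    """Parse spec as a network, raising ValueError if host bits are set."""
    return ipaddress.ip_network(spec, strict=True)


def needs_review(specs):
    """Return the entries whose prefix is wider than the host they name."""
    return [r for r in map(audit_source, specs) if r["host_bits_set"]]


if __name__ == "__main__":
    # Constructed sample entries, as a script might feed them into a rules file.
    samples = [
        "192.168.123.3/24",   # the case from the thread
        "192.168.123.3/32",   # the single-host form given in the reply
        "192.168.123.0/24",   # a real network start
        "192.168.123.3",      # bare address, parsed as a single host
        "2001:db8::5/64",     # same pitfall with IPv6
    ]
    for r in map(audit_source, samples):
        flag = "REVIEW" if r["host_bits_set"] else "ok"
        print(f"{r['spec']:<20} matches {r['matches']:<20} "
              f"({r['addresses']} addresses) [{flag}]")
        if r["host_bits_set"]:
            print(f"{'':<20} single host would be {r['single_host_form']}")
```

Running the check before rules are generated catches a host address paired with a network-sized prefix, so the widening is seen at review time rather than in the live ruleset.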