ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7'

All of lore.kernel.org
 help / color / mirror / Atom feed

* ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7'
@ 2008-11-12  5:55 JC Janos
  2008-11-12  6:23 ` Grant Taylor
  0 siblings, 1 reply; 4+ messages in thread
From: JC Janos @ 2008-11-12  5:55 UTC (permalink / raw)
  To: netfilter

Hello,

I'm using IPSET to create a nethash typed set to contain a short list
of "bogons" as defined @
http://www.team-cymru.org/Services/Bogons/#http for eventual use in a
firewall rule.

But for one of those defined nets, ipset fails to add,

 ipset -N BOGONS nethash
 ipset -A BOGONS 0.0.0.0/7
    ipset v2.4.3: Zero valued IP address `0.0.0.0' specified
    Try `ipset -H' or 'ipset --help' for more information.

I can certainly use the "0.0.0.0/7" in a rule.  How can I correctly
add it to an ipset?

Thanks.

--JC

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7'
  2008-11-12  5:55 ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7' JC Janos
@ 2008-11-12  6:23 ` Grant Taylor
  2008-11-12  7:43   ` Jozsef Kadlecsik
  0 siblings, 1 reply; 4+ messages in thread
From: Grant Taylor @ 2008-11-12  6:23 UTC (permalink / raw)
  To: Mail List - Netfilter

On 11/11/2008 11:55 PM, JC Janos wrote:
> I'm using IPSET to create a nethash typed set to contain a short list 
> of "bogons" as defined @ 
> http://www.team-cymru.org/Services/Bogons/#http for eventual use in a 
> firewall rule.
> 
> But for one of those defined nets, ipset fails to add,
> 
>  ipset -N BOGONS nethash
>  ipset -A BOGONS 0.0.0.0/7
>     ipset v2.4.3: Zero valued IP address `0.0.0.0' specified
>     Try `ipset -H' or 'ipset --help' for more information.
> 
> I can certainly use the "0.0.0.0/7" in a rule.  How can I correctly 
> add it to an ipset?

It sounds like ipset does not like the fact that you are using an IP 
address that is all zeros.  You may have to add something like the 
following:

    ipset -A BOGONS 1.0.0.0/7
    ipset -A BOGONS 2.0.0.0/7
    ipset -A BOGONS 4.0.0.0/7
    ipset -A BOGONS 6.0.0.0/7
    ipset -A BOGONS 8.0.0.0/7
    ipset -A BOGONS 10.0.0.0/7
    ...
You probably will not be able to start the zero (0.0.0.0/7) network with 
a zero for the same reason you are running in to your problem.  However 
a 1.0.0.0 is with in the zero network with a netmask of /7.  The rest of 
the networks will probably add ok.

Also, are you sure you meant to enter a netmask of /7 and not /8?



Grant. . . .

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7'
  2008-11-12  6:23 ` Grant Taylor
@ 2008-11-12  7:43   ` Jozsef Kadlecsik
  2008-11-12 14:15     ` JC Janos
  0 siblings, 1 reply; 4+ messages in thread
From: Jozsef Kadlecsik @ 2008-11-12  7:43 UTC (permalink / raw)
  To: Grant Taylor; +Cc: Mail List - Netfilter

On Wed, 12 Nov 2008, Grant Taylor wrote:

> On 11/11/2008 11:55 PM, JC Janos wrote:
> > I'm using IPSET to create a nethash typed set to contain a short list of
> > "bogons" as defined @ http://www.team-cymru.org/Services/Bogons/#http for
> > eventual use in a firewall rule.
> > 
> > But for one of those defined nets, ipset fails to add,
> > 
> >  ipset -N BOGONS nethash
> >  ipset -A BOGONS 0.0.0.0/7
> >     ipset v2.4.3: Zero valued IP address `0.0.0.0' specified
> >     Try `ipset -H' or 'ipset --help' for more information.
> > 
> > I can certainly use the "0.0.0.0/7" in a rule.  How can I correctly add it
> > to an ipset?
> 
> It sounds like ipset does not like the fact that you are using an IP address
> that is all zeros.

Yes, exactly: a zero valued entry in the hash means "empty entry". 
Therefore a zero valued IP address cannot be added to a hash.

But "0.0.0.0/7" as a network address is not zero valued: the checking 
happens prematurely and prevents adding the network address to the hash.
I'm going to fix it.

Best regards,
Jozsef
-
E-mail  : kadlec@blackhole.kfki.hu, kadlec@mail.kfki.hu
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7'
  2008-11-12  7:43   ` Jozsef Kadlecsik
@ 2008-11-12 14:15     ` JC Janos
  0 siblings, 0 replies; 4+ messages in thread
From: JC Janos @ 2008-11-12 14:15 UTC (permalink / raw)
  To: Jozsef Kadlecsik; +Cc: Grant Taylor, Mail List - Netfilter

Hi,

On Tue, Nov 11, 2008 at 10:23 PM, Grant Taylor
<gtaylor@riverviewtech.net> wrote:
> It sounds like ipset does not like the fact that you are using an IP address
> that is all zeros.  You may have to add something like the following:

Ok, It looks like 0.0.0.1/7 works too.

For all of those, the usable range looks the same,

 First Usable IP Address = .....: 0.0.0.1
 Last Usable IP Address = ......: 1.255.255.254

> Also, are you sure you meant to enter a netmask of /7 and not /8?

Welll, that's the range the list defines ...

On Tue, Nov 11, 2008 at 11:43 PM, Jozsef Kadlecsik
<kadlec@blackhole.kfki.hu> > > But "0.0.0.0/7" as a network address is
not zero valued: the checking
> happens prematurely and prevents adding the network address to the hash.
> I'm going to fix it.

Thanks for explaining and the fix.

--JC

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-11-12 14:15 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-11-12  5:55 ipset returns "Zero valued IP address" when trying to add '0.0.0.0/7' JC Janos
2008-11-12  6:23 ` Grant Taylor
2008-11-12  7:43   ` Jozsef Kadlecsik
2008-11-12 14:15     ` JC Janos

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.