From: "Szabolcs Gyurko"
Subject: Re: Strange thing with iptables
Date: Thu, 09 Sep 2004 16:36:06 +0200
To: "Alexey Toptygin", "Martin Josefsson"
Cc: netfilter-devel@lists.netfilter.org
References: <1094732295.8900.7.camel@localhost.localdomain>
List-Id: netfilter-devel.vger.kernel.org

Sure. That is what seems to me an absolute discarding of the ipv4 rules. But it's a feature, so...

On Thu, 9 Sep 2004 14:33:06 +0000 (UTC), Alexey Toptygin wrote:

> On Thu, 9 Sep 2004, Martin Josefsson wrote:
>
>>> which looked like:
>>>
>>> iptables -A FORWARD -s $machine/255.255.0.255 -j ACCEPT
>>>
>>> What I was surprised by is the netmask. Is this a feature or a bug? I mean
>>> this is quite a strange netmask for me.
>>
>> It's a feature :)
>> It doesn't make the current code any more complicated.
>> And there are actually people using it to do weird stuff...
>
> Do you mean that one can use arbitrary bitmasks wherever netfilter wants
> a netmask value?
> So, one might select all IPs with the LSB set with 0.0.0.1/0.0.0.1?
>
> Alexey

-- 
Szabolcs Gyurko
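The masked comparison discussed in this thread can be audited in a rule set. The following is an added example, not part of the original message and not netfilter code: it flags `-s`/`-d` arguments whose mask is not a contiguous prefix and evaluates which addresses such a rule matches. The rule lines, function names and test addresses are constructed for illustration, and the input is assumed to be `iptables-save` style text.

```python
import ipaddress
import re

# Constructed iptables-save style rules (sample input, not from the thread).
SAMPLE_RULES = """\
-A FORWARD -s 10.1.0.7/255.255.0.255 -j ACCEPT
-A FORWARD -s 192.168.0.0/255.255.255.0 -j ACCEPT
-A INPUT -d 0.0.0.1/0.0.0.1 -j DROP
-A INPUT -s 172.16.0.0/12 -j ACCEPT
"""

ADDR_RE = re.compile(r"(?:^|\s)-([sd])\s+(\d+\.\d+\.\d+\.\d+)(?:/(\S+))?")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_mask(text):
    """Return the 32-bit mask for a prefix length, a dotted mask, or None."""
    if text is None:
        return 0xFFFFFFFF          # bare address means a /32 host match
    if text.isdigit():
        return (0xFFFFFFFF << (32 - int(text))) & 0xFFFFFFFF
    return to_int(text)

def is_contiguous(mask):
    """True when the mask is a run of ones followed by zeros (a CIDR prefix)."""
    inv = ~mask & 0xFFFFFFFF
    return (inv & (inv + 1)) == 0

def matches(packet_ip, rule_ip, mask):
    """Masked comparison: only the bits set in the mask are compared."""
    return (to_int(packet_ip) & mask) == (to_int(rule_ip) & mask)

def audit(rules):
    """Return (flag, address, dotted mask) for each non-contiguous mask."""
    findings = []
    for line in rules.splitlines():
        for flag, addr, mask_text in ADDR_RE.findall(line):
            mask = parse_mask(mask_text or None)
            if not is_contiguous(mask):
                findings.append((flag, addr, str(ipaddress.IPv4Address(mask))))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print("non-contiguous mask:", finding)
```

With a mask of 255.255.0.255 the third octet is ignored, so the first sample rule accepts host .7 on every 10.1.x.0/24 network, which is wider than a reviewer reading it as a single-host rule would expect.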