Hi Netfilter supports arbitrary netmasks for IP addresses which is more powerful than just those IP/x (0 <= x <= 32) expressions. For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work ;-).
Are masks that cannot be expressed in the IP/x schmeme (at least not in one rule) used in practise? Are they used at all in firewall rulesets? Thomas