On Tuesday 28 May 2002 2:24 pm, Stephen Frost wrote: > * Thomas Heinz ([EMAIL PROTECTED]) wrote: > > Netfilter supports arbitrary netmasks for IP addresses which is more > > powerful than just those IP/x (0 <= x <= 32) expressions. > > For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work > > ;-). > > > > Are masks that cannot be expressed in the IP/x schmeme (at least not in > > one rule) used in practise? Are they used at all in firewall rulesets? > > I'm pretty confident they're not valid and don't make sense.
I disagree. They are valid (on most modern O/Ss, anyway). Whether or not they make sense depends on what you try and do with them. Linux routing can certainly handle arbitrary netmasks, and so can netfilter. I've never seen a good example of why someone would want to use them, though. You could choose to specify your private network as 192.168.0.27/255.255.0.255 for example, instead of the more usual 192.168.27.0/255.255.255.0 but I really don't see why you'd bother. Antony.