BTW, several programs allow one to basically use (in IPv4) the form
10.10.10.10/16 to mean 10.10.0.0/16... I see no issue here as the systems
administrator should be aware of this.

As for using the /etc/networks... for the symbolic name that might be fine;
however, having an entry in that file does NOT imply the number of network
bits (CIDR)... and the file format does not entertain such a move either.
This file is basically a remnant from an older network period of time where
there were only class A (/8), B (/16) and C (/24) network namespaces
provided.

I'd really still like to have some type of format where a symbolic network
name and CIDR could be included... I think my use of: netname/CIDR was
actually pretty good. In my case, I define netname in the /etc/hosts file
with the rule above applying.

BTW, I have used this format in specifying network ranges in IPTABLES
without a problem (EX: -A INPUT -s mynetwork/16 -j ACCEPT where my network
is defined in /etc/hosts)... so this type of syntax is a known quantity and
the action is generally understood.

***** ***** *****
Michael D. Parker
General Atomics – ElectroMagnetics Systems Division (EMS)
michael.d.par...@ga.com  <<<<< NOTE: Remember to include my middle initial >>>>>

-----Original Message-----
From: Miroslav Lichvar [mailto:mlich...@redhat.com] 
Sent: Tuesday, July 25, 2017 8:07 AM
To: chrony-users@chrony.tuxfamily.org
Subject: -EXT-Re: [chrony-users] Using symbolic network names in
/etc/chrony.conf file?

On Wed, Jul 26, 2017 at 02:52:25AM +1200, Bryan Christianson wrote:
> My view on this is that host/prefix is a shorthand notation for
> (ip_address & mask) and that should work for both IPv6 and IPv4.
> i.e. there is an assumption that people understand how the network and
> mask are both calculated and used.
> 
> I have no problem with the ip part being either a name or an address. In
> the case of a name, there is always the dilemma of which ip address to use
> if there are multiple A records for that name.

Right. There may also be AAAA records. To which addresses should it apply?
The addresses may change over time. Should chronyd try to follow the
changes? That would be tricky. I generally don't recommend using hostnames
in allow/deny.

> In chrony I think name/prefix could mean all hosts in the network 
> defined by (address & mask) == (host & mask)

I don't know. To me it doesn't feel right.

I'd like to make a 3.2 prerelease today. I have a "bugfix" commit for this
in my git. We can revisit this before the final release.

--
Miroslav Lichvar
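
An added illustration, not part of the thread and not chrony's code, of the name/prefix semantics discussed above, (address & mask) == (host & mask), including a name with several A and AAAA records. The lookup table, the names in it and the `expand`, `matches` and `review` helpers are constructed for this example; skipping an address family that cannot hold the prefix is a choice made here, not documented chronyd behaviour.

```python
import ipaddress

# Constructed lookup table standing in for /etc/hosts or DNS (assumption:
# these names and documentation-range addresses are invented for the example).
SAMPLE_RECORDS = {
    "mynetwork": ["10.10.10.10"],
    "multi.example": ["192.0.2.10", "198.51.100.7", "2001:db8:1:2::10"],
}


def expand(spec, records=SAMPLE_RECORDS):
    """Return the networks covered by 'address/prefix' or 'name/prefix'.

    Every address is masked with the prefix, so host bits are dropped:
    10.10.10.10/16 is treated as 10.10.0.0/16.
    """
    host, _, prefix = spec.partition("/")
    try:
        addresses = [ipaddress.ip_address(host)]
    except ValueError:  # not a literal address, so treat it as a name
        if host not in records:
            raise LookupError(f"unknown name: {host}")
        addresses = [ipaddress.ip_address(a) for a in records[host]]
    networks = []
    for ip in addresses:
        bits = int(prefix) if prefix else ip.max_prefixlen
        if bits > ip.max_prefixlen:
            continue  # choice made for this example: /64 cannot apply to IPv4
        networks.append(ipaddress.ip_network(f"{ip}/{bits}", strict=False))
    return networks


def matches(client, spec, records=SAMPLE_RECORDS):
    """True if (client & mask) == (host & mask) for any resolved address."""
    ip = ipaddress.ip_address(client)
    return any(ip.version == n.version and ip in n for n in expand(spec, records))


def review(spec, records=SAMPLE_RECORDS):
    """List the ambiguities an administrator should check for in a rule."""
    nets = expand(spec, records)
    notes = []
    if len(nets) > 1:
        notes.append(f"{len(nets)} networks from one name")
    if len({n.version for n in nets}) > 1:
        notes.append("one prefix length applied to both IPv4 and IPv6")
    return notes
```

With the constructed data, `multi.example/24` expands to two IPv4 /24 networks and the IPv6 network `2001:d00::/24`, which is far wider than a /24 suggests to someone thinking in IPv4 terms.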
