CIDR notation is for addresses, not for names. That host/mask works with 
iptables is unintended functionality. In other words, a bug.


> On Jul 26, 2017, at 00:04, Miroslav Lichvar <> wrote:
> On Tue, Jul 25, 2017 at 06:36:26PM +0000, Parker, Michael D. wrote:
>> BTW, I have used this format in specifying network ranges in IPTABLES
>> without a problem (EX:  -A INPUT -s mynetwork/16 -j ACCEPT where my network
>> is defined in /etc/hosts) this type of syntax is a known quantity and
>> the action is generally understood.  
> Ok, so there is at least one program which accepts such syntax.
> However, from the man page I have a feeling the mask was supposed to
> work only with IP addresses.
> [!] -s, --source address[/mask][,...]
>      Source specification. Address can be either a  network  name,  a
>      hostname,  a  network  IP  address  (with  /mask), or a plain IP
>      address. Hostnames will be resolved once only, before  the  rule
>      is  submitted  to  the  kernel.  Please note that specifying any
>      name to be resolved with a remote query such as DNS is a  really
>      bad idea.  The mask can be either an ipv4 network mask (for ipt‐
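
The man page excerpt quoted above says that names given to -s are resolved once only, before the rule is submitted to the kernel. As an added example (not part of this thread and not iptables code), the Python check below lists the -s/-d entries in rule lines that are not IP literals; the function names are hypothetical and the sample rules are constructed, apart from the one quoted in the thread.

```python
import ipaddress
import shlex

# Source/destination options whose argument is address[/mask][,...]
ADDR_FLAGS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}


def is_ip_literal(spec):
    """True if spec is an IPv4/IPv6 address or network with an optional mask."""
    try:
        # strict=False accepts host bits, e.g. 10.0.0.5/16
        ipaddress.ip_network(spec, strict=False)
        return True
    except ValueError:
        # Raised for hostnames and network names, and for malformed literals
        return False


def non_literal_specs(rule):
    """Return the -s/-d entries of one rule line that are not IP literals."""
    tokens = shlex.split(rule)
    found = []
    for flag, value in zip(tokens, tokens[1:]):
        if flag in ADDR_FLAGS:
            found += [s for s in value.split(",") if not is_ip_literal(s)]
    return found


# Constructed sample rules; the first is the form quoted in the thread.
SAMPLE_RULES = [
    "-A INPUT -s mynetwork/16 -j ACCEPT",
    "-A INPUT -s 192.168.0.0/16 -j ACCEPT",
    "-A INPUT ! -s 10.0.0.5,ntp.example.net -j DROP",
    "-A OUTPUT -d 2001:db8::/32 -j ACCEPT",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        for spec in non_literal_specs(rule):
            print(f"name in address field: {spec!r} in rule: {rule}")
```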
