CIDR notation is for addresses, not for names. That host/mask works with 
iptables is unintended functionality. In other words, a bug.

Denny


> On Jul 26, 2017, at 00:04, Miroslav Lichvar <mlich...@redhat.com> wrote:
> 
> On Tue, Jul 25, 2017 at 06:36:26PM +0000, Parker, Michael D. wrote:
>> BTW,  I have use this format in specifying network ranges in IPTABLES
>> without a problem (EX:  -A INPUT -s mynetwork/16 -j ACCEPT where my network
>> is defined in /etc/hosts)  ...so this type of syntax is a known quantity and
>> the action is generally understood.  
> 
> Ok, so there is at least one program which accepts such syntax.
> However, from the man page I have a feeling the mask was supposed to
> work only with IP addresses.
> 
> [!] -s, --source address[/mask][,...]
>      Source specification. Address can be either a  network  name,  a
>      hostname,  a  network  IP  address  (with  /mask), or a plain IP
>      address. Hostnames will be resolved once only, before  the  rule
>      is  submitted  to  the  kernel.  Please note that specifying any
>      name to be resolved with a remote query such as DNS is a  really
>      bad idea.  The mask can be either an ipv4 network mask (for ipt‐


--
To unsubscribe email chrony-users-requ...@chrony.tuxfamily.org
with "unsubscribe" in the subject.
For help email chrony-users-requ...@chrony.tuxfamily.org
with "help" in the subject.
Trouble?  Email listmas...@chrony.tuxfamily.org.

Reply via email to