Tim Connors wrote: > On Wed, 19 Jun 2013, Trent W. Buck wrote: > > > Tim Connors writes: > > > > > -A RH-Firewall-1-INPUT -s 12.3.4.5/16 -p tcp -m tcp -j ACCEPT > > > > One gotcha, which applies at -restore time, but not at -save time: > > > > Like IPv6, in IPv4 you can omit .0 segments: > > > > 1.4 --> 1.0.0.4 > > 1.2.4 --> 1.2.0.4 (I think - might be 1.0.2.4) > > I missed that went it was sent originally. > > > iptables-restore understands this. > > However, if there is a CIDR it expands differently: > > > > 1.4/24 --> 1.4.0.0/24 > > 1.2.4/24 --> 1.2.4.0/24 > > Holy crap that's ridiculous. Anyone who uses those stupid formats gets > what they deserve.
No worries -- nobody can afford a whole class B anymore anyway ;-P BTW 1.4 --> 1.0.0.4 works in ping and suchlike, too. Not nmap, tho.
signature.asc
Description: Digital signature
_______________________________________________ luv-main mailing list [email protected] http://lists.luv.asn.au/listinfo/luv-main
