On Tue, 28 May 2002, Thomas Heinz wrote:

> Hi
>
> Netfilter supports arbitrary netmasks for IP addresses which is more
> powerful than just those IP/x (0 <= x <= 32) expressions.
> For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work ;-).
>
> Are masks that cannot be expressed in the IP/x scheme (at least not in one
> rule) used in practice? Are they used at all in firewall rulesets?

i recall wondering about non-contiguous netmasks a number of years ago, and asking someone more knowledgeable than i about them. he said that, while *technically* there's nothing wrong with them and that, *technically* they don't violate any rules, there's no guarantee that router vendors will support them since there's so little rationale for them.

anyway, my $0.02, for what it's worth.

rday
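An added example, not part of either message above and not Netfilter code: for someone auditing a ruleset, it tests whether a dotted mask is expressible as IP/x, applies the masked comparison to an address, and counts how many IP/x rules one non-contiguous IP/mask rule would expand to. The function names and the sample addresses are assumptions of this example; the masks are the ones quoted in the question.

```python
import ipaddress

def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def prefix_len(mask: str):
    """Return x if mask is exactly the /x prefix mask, else None."""
    inverted = ~_to_int(mask) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, so inverted & (inverted + 1) == 0.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()

def matches(addr: str, net: str, mask: str) -> bool:
    """Masked comparison: only the bits set in the mask are compared."""
    m = _to_int(mask)
    return (_to_int(addr) & m) == (_to_int(net) & m)

def cidr_rules_needed(mask: str) -> int:
    """Minimum number of IP/x rules matching the same set as one IP/mask rule."""
    m = _to_int(mask)
    trailing = 32 if m == 0 else (m & -m).bit_length() - 1
    wildcard = 32 - bin(m).count("1")
    # One prefix absorbs the trailing wildcard bits; every wildcard bit that
    # sits above a compared bit doubles the number of prefixes required.
    return 2 ** (wildcard - trailing)

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.0.255.255", "23.13.42.0"):
        print(mask, prefix_len(mask), cidr_rules_needed(mask))
    # Constructed addresses: the second octet is ignored by 255.0.255.255.
    print(matches("10.99.1.2", "10.0.1.2", "255.0.255.255"))
```
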