Hi, this is my first post to the list. I agree with Stephen: these netmasks are (as far as I can tell) meaningless. Because of the way that you compute network addresses by comparing a mask to an address, the 255.255.0.128 mask just will not do what you expect.
For more info check out: ftp://ftp.isi.edu/in-notes/rfc1878.txt or look up RFC1878 on your own. Here is one place: http://www.rfc-editor.org/cgi-bin/rfcsearch.pl

--Erik

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stephen Frost
Sent: Tuesday, May 28, 2002 6:24 AM
To: Thomas Heinz
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Arbitrary Netmasks

* Thomas Heinz ([EMAIL PROTECTED]) wrote:
> Netfilter supports arbitrary netmasks for IP addresses which is more
> powerful than just those IP/x (0 <= x <= 32) expressions.
> For example one could use IP/255.0.255.255 (IP/23.13.42.0 would also work
> ;-).
>
> Are masks that cannot be expressed in the IP/x scheme (at least not in one
> rule) used in practise? Are they used at all in firewall rulesets?

I'm pretty confident they're not valid and don't make sense.

Stephen
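
An added example, not part of the original thread: a small Python audit helper that applies a bitwise mask comparison to the masks mentioned above, reports whether each one is expressible as IP/x, and counts how many IP/x rules would cover the same addresses. The function names and the 192.0.2.x sample addresses are constructed for illustration, and the comparison `(addr & mask) == (net & mask)` is an assumption about how the rule is evaluated.

```python
import ipaddress

def to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def prefix_len(mask: str):
    """Return x if the mask is exactly the IP/x mask, else None."""
    inverted = to_int(mask) ^ 0xFFFFFFFF
    # A contiguous mask inverted is 2**k - 1, so adding 1 clears every set bit.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()

def matches(addr: str, net: str, mask: str) -> bool:
    """Bitwise comparison: only bit positions set in the mask are compared."""
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(net) & m)

def cidr_equivalent(mask: str):
    """Return (rule_count, prefix) of the IP/x rules covering the same addresses."""
    m = to_int(mask)
    zeros = 32 - bin(m).count("1")
    trailing = 32 if m == 0 else (m & -m).bit_length() - 1
    # Only the trailing zero bits can be folded into a prefix; every other
    # zero bit doubles the number of IP/x rules required.
    return 2 ** (zeros - trailing), 32 - trailing

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.0.255.255", "255.255.0.128", "23.13.42.0"):
        print(mask, "prefix:", prefix_len(mask), "IP/x rules:", cidr_equivalent(mask))
    # Constructed sample addresses: with 255.255.0.128 the third octet and the
    # low 7 bits of the fourth are ignored; only its top bit is compared.
    for addr in ("192.0.2.5", "192.0.2.200"):
        print(addr, matches(addr, "192.0.0.0", "255.255.0.128"))
```

Run over a ruleset's masks, `prefix_len` returning `None` flags every rule that cannot be written as a single IP/x expression.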