On Fri, Jan 09, 2004 at 12:36:57AM -0500, millerbn wrote:
> Is 0/0 valid in a table? No error is generated, but traffic isn't passed as expected.
Tables use the existing radix code (the same that is used for routing
tables), and it doesn't handle /0. You can either use the workaround you
mentioned (0/1, 128/1), or, as usually makes more sense, express the
rule the other way around, instead of
> table <some> const { 0/0, !X.X.X.X/32, !X.X.X.X/32 }
> pass in log quick on $ext_if inet proto tcp from <some> to any ...
use
  table <exceptsome> const { X.X.X.X/32, X.X.X.X/32 }
  pass in log quick on $ext_if inet proto tcp from ! <exceptsome>
i.e. don't negate the entries, but negate the entire table. Most people
find that easier to read and maintain, too. Less table entries, less
exclamation marks, less CPU cycles.
Daniel
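
The following is an added example, not part of the original message and not pf code. It models a table lookup as "the most specific entry covering the address decides, and a negated entry means no match", then checks that the 0/1 + 128/1 workaround and the negated-table form select the same source addresses. The addresses and helper names are constructed for illustration, and pf's 0/1 shorthand is written out as 0.0.0.0/1 for the Python parser.

```python
import ipaddress

def parse_table(entries):
    """Parse pf-style table entries; a leading '!' marks a negated entry."""
    table = []
    for entry in entries:
        negated = entry.startswith("!")
        table.append((ipaddress.ip_network(entry.lstrip("!")), negated))
    return table

def table_match(table, addr):
    """Simplified model of a table lookup: the most specific covering
    entry decides, and a negated entry means the address does not match."""
    ip = ipaddress.ip_address(addr)
    best = None
    for net, negated in table:
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, negated)
    return best is not None and not best[1]

# Constructed exception hosts (documentation address ranges).
EXCEPTIONS = ["192.0.2.10/32", "198.51.100.7/32"]

# Form 1: cover everything with two /1 entries, then negate the exceptions.
WORKAROUND = parse_table(["0.0.0.0/1", "128.0.0.0/1"]
                         + ["!" + e for e in EXCEPTIONS])
# Form 2: list only the exceptions and negate the table in the rule.
EXCEPTSOME = parse_table(EXCEPTIONS)

def matches_workaround(src):
    # Models: pass ... from <some>
    return table_match(WORKAROUND, src)

def matches_negated_table(src):
    # Models: pass ... from ! <exceptsome>
    return not table_match(EXCEPTSOME, src)

# Constructed sources, including the boundary between the two /1 halves.
SAMPLES = ["0.0.0.0", "10.0.0.5", "127.255.255.255", "128.0.0.0",
           "192.0.2.10", "192.0.2.11", "198.51.100.7", "255.255.255.255"]

def compare(samples=SAMPLES):
    """Return (source, form 1 result, form 2 result) for each sample."""
    return [(s, matches_workaround(s), matches_negated_table(s))
            for s in samples]

if __name__ == "__main__":
    for src, form1, form2 in compare():
        print(f"{src:16} workaround={form1!s:5} negated-table={form2}")
```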