Dear Shorewall,

As you already know, /etc/shorewall/rules allows:

    ACTION zone:<ipspec> dest:<ipspec2>

where <ipspec> allows various different formats. Valid ipspecs might include 192.168.123.0/24 (the whole network) or 192.168.123.3 (a single host), for example.

I would expect that if I entered 192.168.123.3/24 (technically not a whole network, but actually a single host in a /24-sized network), only 192.168.123.3 would follow this rule. It turns out this actually will apply the rule to the 192.168.123.0/24 network (although I didn't exhaustively test this).

Can this bug be corrected? The advantage is that other scripts and what-nots that use a single "ip/cidr" variable to refer to one host can be dropped in without worrying that we'll open up the whole network. If ip is a network start, then we know it means the whole thing.

Thank you,
James
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
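An added example, not part of the original message and not Shorewall code: a pre-check that a script holding a single "ip/cidr" variable can run before writing it into a rules file. It shows what prefix masking does to a value such as 192.168.123.3/24 and applies the interpretation the message asks for (network start means the whole block, anything else means one host). The function names and the sample values are assumptions made for illustration.

```python
import ipaddress

def classify_ipspec(spec):
    """Classify an 'ip' or 'ip/prefix' string and return (kind, masked_network).

    kind is one of:
      'host'            - bare address, or full-length prefix (/32 for IPv4)
      'network'         - the address is the network start of the prefix
      'host-in-network' - host bits are set below the prefix
    masked_network is what the value becomes once the prefix mask is applied.
    """
    # ip_interface() keeps the host bits; ip_network() would reject them.
    iface = ipaddress.ip_interface(spec)
    net = iface.network
    if net.prefixlen == net.max_prefixlen:
        kind = "host"
    elif iface.ip == net.network_address:
        kind = "network"
    else:
        kind = "host-in-network"
    return kind, str(net)

def to_rule_spec(spec):
    """Return the value to write into the rule under the requested reading:
    a network start keeps its prefix, everything else collapses to one host."""
    kind, masked = classify_ipspec(spec)
    if kind == "network":
        return masked
    return str(ipaddress.ip_interface(spec).ip)

# Constructed sample values, taken from the formats the message lists.
SAMPLES = ["192.168.123.0/24", "192.168.123.3", "192.168.123.3/24"]

if __name__ == "__main__":
    for s in SAMPLES:
        kind, masked = classify_ipspec(s)
        note = "  <-- masking widens this to the whole network" \
            if kind == "host-in-network" else ""
        print(f"{s:20} kind={kind:16} masked={masked:18} "
              f"write={to_rule_spec(s)}{note}")
```

Malformed input raises ValueError from the ipaddress module, so a calling script can refuse to write the rule instead of emitting a broader match than intended.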
