On Sun, 4 May 2014, Lennart Sorensen wrote:

> On Sun, May 04, 2014 at 03:54:55PM -0400, Paul Wouters wrote:
>> I'm suggesting to block *.*.*.0 and *.*.*.255 irrespective of netmask.
>> This of course only prevents network/broadcast addresses for the "class
>> A, B and C" networks. Perhaps we can assume people using differently
>> sized pools know enough about network/broadcast address to exclude these.
>
> If the netmask is /20, then you clearly should NOT block *.*.*.0, only
> the first address in the range.

And hope that every OS that receives a *.*.*.0 will work fine with it?

And that sites or firewalls on the net won't firewall a *.*.*.0 IP address?

Have you ever gotten a DHCP/PPPOE address ending in .0?

> Better to assume people DO know what they are doing than to screw things
> up for those that actually do know what they are doing with no way for
> them to fix it.

But in this case it does not screw you up, it just does not use 2x16 IP
addresses of your /20 pool, meaning you will have 4080-32=4048 IP
addresses left for assignments.

Paul
_______________________________________________
Swan-dev mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan-dev
