On Wed, 18 Oct 2000 [EMAIL PROTECTED] wrote:
> > > By blocking 192.0.0.0/255.0.0.0 you are almost certainly blocking some
> > > valid public ip addresses, since the class C private addresses are limited
> > > to 256 networks of 256 hosts each, in the range 192.168.x.y. You probably
> > > want to deny 192.168.0.0/255.255.255.0.
> >
> > Untrue. The 255 in 255.0.0.0 locks all 8 bits in the first field,
> > which means that it *only* applies to addresses in the 192 network.
> > The range would be 192.0.0.0 - 192.255.255.255, not 223.255.255.255.
>
> You misread what I said. Class C is DEFINED to be
> 192.0.0.0-223.255.255.255, and other than this CONVENTION, has nothing to
> do with the masks actually in use. The range that Peter specified happens
> to fall within this range, which means using 255.0.0.0 would be a rather
> strange thing to do and 255.255.255.0 would be more conventional.

jeff, if someone came in on _any_ IP address whose first octet is 192, we
don't want to talk to them. wouldn't 255.0.0.0 be the correct thing to do?
we use 192.168.0.* for the internal network, but that's a different
device, and we don't have any chains in use for that device.
thanks!
pete
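
Added example, not part of the original thread: the address ranges that the address/mask pairs discussed above actually match, computed with Python's standard `ipaddress` module, together with how much of each range is RFC 1918 private space. The 255.255.0.0 rule and the sample source addresses are constructed for comparison and are assumptions, not values from the posters.

```python
import ipaddress

# RFC 1918 private blocks, used to measure how much of a rule is private space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rule_network(addr, mask):
    """Parse an address/netmask pair as written in the thread."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def describe(addr, mask):
    """Return first/last address, size, and RFC 1918 overlap of a rule."""
    net = rule_network(addr, mask)
    private = 0
    for block in RFC1918:
        # CIDR blocks either nest or are disjoint, so overlap is the smaller one.
        if block.subnet_of(net):
            private += block.num_addresses
        elif net.subnet_of(block):
            private += net.num_addresses
    return {
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "total": net.num_addresses,
        "private": private,
        "other": net.num_addresses - private,
    }

def matches(addr, mask, source):
    """True if a packet from `source` would match the rule's address/mask."""
    return ipaddress.ip_address(source) in rule_network(addr, mask)

# Masks discussed in the thread, plus 255.255.0.0 added for comparison
# (it covers exactly the 192.168.x.y range).
RULES = [("192.0.0.0", "255.0.0.0"),
         ("192.168.0.0", "255.255.255.0"),
         ("192.168.0.0", "255.255.0.0")]

# Constructed sample sources; 192.0.2.10 is a documentation address.
SOURCES = ["192.168.0.7", "192.168.5.9", "192.0.2.10", "193.0.0.1"]

if __name__ == "__main__":
    for addr, mask in RULES:
        print(addr, mask, describe(addr, mask))
        for src in SOURCES:
            print("   ", src, "match" if matches(addr, mask, src) else "no match")
```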