[Bug 844] Can set apparently invalid netmask for hash:ip

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Wed Aug 14 16:50:46 CEST 2013


Jozsef Kadlecsik <kadlec at netfilter.org> changed:

           What    |Removed                     |Added
                 CC|                            |kadlec at netfilter.org

--- Comment #1 from Jozsef Kadlecsik <kadlec at netfilter.org> 2013-08-14 16:50:45 CEST ---
The argument-order dependent netmask checking is fixed in bugzilla #841.

As to why speficic netmask values are excluded:

IPv4 32 and IPv6 128: those are identical with not spefifying the netmask
at all. Technically these cases could be allowed.

For IPv6 the netmasks less than 4 are not allowed because those are not
user friendly in the IPv6 notation: a::/4 is OK, but do you
know the boundary IPv6 addresses for a::/3?

124 is a compromise between a user friendly network and RFC3627. I believe
most people would argue that 64 should be the largest value instead of 124.

Configure bugmail: https://bugzilla.netfilter.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.

More information about the netfilter-buglog mailing list