Strange thing with iptables

Alexey Toptygin alexeyt at freeshell.org
Thu Sep 9 16:33:06 CEST 2004


On Thu, 9 Sep 2004, Martin Josefsson wrote:

>> which looked like:
>>
>> iptables -A FORWARD -s $machine/255.255.0.255 -j ACCEPT
>>
>>
>> What I was surprised by is the netmask. Is this a feature or a bug? I mean
>> this is quite a strange netmask for me.
>
> It's a feature :)
> It doesn't make the current code any more complicated.
> And there are actually people using it to do weird stuff...

Do you mean that one can use arbitrary bitmasks wherever netfilter wants a 
netmask value?
So, one might select all IPs with the LSB set with 0.0.0.1/0.0.0.1?

 			Alexey
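
Added example, not part of the original messages: a small Python model of the mask-and-compare test discussed in this thread, plus a check that flags rule specifications whose mask is not an ordinary contiguous prefix, which is useful when reviewing a ruleset. The addresses and the `SAMPLE_SPECS` list are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def parse_spec(spec):
    """Split 'addr[/mask]' into (addr, mask) integers.
    The mask may be a dotted quad or a prefix length; no mask means /32."""
    addr, _, mask = spec.partition("/")
    if not mask:
        return to_int(addr), FULL
    if mask.isdigit():
        bits = int(mask)
        if bits > 32:
            raise ValueError("prefix length out of range: " + mask)
        return to_int(addr), (FULL << (32 - bits)) & FULL
    return to_int(addr), to_int(mask)

def matches(spec, packet_ip):
    """A packet matches when it agrees with the rule address on every
    bit that is set in the mask; bits cleared in the mask are ignored."""
    addr, mask = parse_spec(spec)
    return (to_int(packet_ip) & mask) == (addr & mask)

def is_contiguous(mask):
    """True for plain prefix masks: all ones followed by all zeros."""
    inv = ~mask & FULL
    return (inv & (inv + 1)) == 0

def audit(specs):
    """Return the specs whose mask is not a plain CIDR prefix."""
    return [s for s in specs if not is_contiguous(parse_spec(s)[1])]

# Constructed sample specifications (not taken from a real ruleset).
SAMPLE_SPECS = [
    "192.168.5.10/255.255.0.255",  # third octet ignored
    "10.0.0.0/255.0.0.0",          # ordinary /8
    "0.0.0.1/0.0.0.1",             # any address with the lowest bit set
    "172.16.0.0/12",
]

if __name__ == "__main__":
    for spec in audit(SAMPLE_SPECS):
        print("non-contiguous mask:", spec)
    print(matches("192.168.5.10/255.255.0.255", "192.168.77.10"))
    print(matches("0.0.0.1/0.0.0.1", "10.0.0.4"))
```

With a mask of 255.255.0.255, one rule covers the same host number in 256 different /24 networks, so a reviewer reading it as a single-host rule would underestimate what it accepts.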


