Strange thing with iptables

Szabolcs Gyurko szabolcs.gyurko at tlt.hu
Thu Sep 9 16:36:06 CEST 2004


Sure. That is what seems to me an absolute discarding of the ipv4 rules.
But it's a feature, so...


On Thu, 9 Sep 2004 14:33:06 +0000 (UTC), Alexey Toptygin  
<alexeyt at freeshell.org> wrote:

> On Thu, 9 Sep 2004, Martin Josefsson wrote:
>
>>> which looked like:
>>>
>>> iptables -A FORWARD -s $machine/255.255.0.255 -j ACCEPT
>>>
>>>
>>> What I was surprised by is the netmask. Is this a feature or a bug? I
>>> mean, this is quite a strange netmask to me.
>>
>> It's a feature :)
>> It doesn't make the current code any more complicated.
>> And there are actually people using it to do weird stuff...
>
> Do you mean that one can use arbitrary bitmasks wherever netfilter wants  
> a netmask value?
> So, one might select all IPs with the LSB set with 0.0.0.1/0.0.0.1?
>
>  			Alexey
>



-- 
Szabolcs Gyurko
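
The arbitrary-bitmask matching discussed in this thread, as an added example that is not part of the original message or of netfilter's code. It assumes the match is the bitwise test (addr & mask) == (net & mask) and flags rule specs whose mask is not a contiguous prefix; the rule strings, the 10.1.0.7 stand-in for $machine and all function names are constructed for illustration.

```python
import ipaddress
import re

def to_int(dotted):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(dotted))

def is_contiguous(mask):
    """True if mask is a run of 1 bits followed only by 0 bits (a CIDR prefix)."""
    inverted = ~mask & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, which shares no bits with 2**k.
    return (inverted & (inverted + 1)) == 0

def matches(addr, spec):
    """Bitwise match of addr against 'net/dotted-mask' (assumed semantics)."""
    net, mask = (to_int(part) for part in spec.split("/"))
    return (to_int(addr) & mask) == (net & mask)

# -s / -d followed by address/dotted-mask
SPEC_RE = re.compile(r"(?:-s|-d)\s+(\d+\.\d+\.\d+\.\d+/\d+\.\d+\.\d+\.\d+)")

def audit(rules):
    """Return (rule, spec) pairs whose dotted mask is not a contiguous prefix."""
    findings = []
    for rule in rules:
        for spec in SPEC_RE.findall(rule):
            if not is_contiguous(to_int(spec.split("/")[1])):
                findings.append((rule, spec))
    return findings

# Constructed sample rules; 10.1.0.7 stands in for $machine.
SAMPLE_RULES = [
    "-A FORWARD -s 10.1.0.7/255.255.0.255 -j ACCEPT",
    "-A FORWARD -s 192.168.0.0/255.255.255.0 -j ACCEPT",
    "-A INPUT -s 0.0.0.1/0.0.0.1 -j DROP",
]

if __name__ == "__main__":
    for rule, spec in audit(SAMPLE_RULES):
        print("non-contiguous mask:", spec, "in", rule)
    # The third octet is ignored by 255.255.0.255.
    print(matches("10.1.99.7", "10.1.0.7/255.255.0.255"))
    # 0.0.0.1/0.0.0.1 selects every address with the LSB set.
    print(matches("203.0.113.5", "0.0.0.1/0.0.0.1"))
```

When reviewing a ruleset, a flagged spec deserves a second look because a mask such as 255.255.0.255 accepts the same host octet in every /24 under the /16, which is far wider than a reader expecting a prefix would assume.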



More information about the netfilter-devel mailing list