Strange thing with iptables
szabolcs.gyurko at tlt.hu
Thu Sep 9 16:36:06 CEST 2004
Sure. That is what seems to me an absolute discarding of the ipv4 rules.
But it's a feature, so...
On Thu, 9 Sep 2004 14:33:06 +0000 (UTC), Alexey Toptygin
<alexeyt at freeshell.org> wrote:
> On Thu, 9 Sep 2004, Martin Josefsson wrote:
>>> which looked like:
>>> iptables -A FORWARD -s $machine/255.255.0.255 -j ACCEPT
>>> What I was surprised on is the netmask. Is this a feature or a bug? I
>>> this is quite strange netmask for me.
>> It's a feature :)
>> It doesn't make the current code any more complicated.
>> And ther are actually people using it to do weird stuff...
> Do you mean that one can use arbitrary bitmasks wherever netfilter wants
> a netmask value?
> So, one might select all IPs with the LSB set with 0.0.0.1/0.0.0.1?
More information about the netfilter-devel