Strange thing with iptables
Willy Tarreau
willy at w.ods.org
Sat Sep 11 19:52:07 CEST 2004
Hi,
On Thu, Sep 09, 2004 at 02:18:15PM +0200, Martin Josefsson wrote:
> >
> > iptables -A FORWARD -s $machine/255.255.0.255 -j ACCEPT
> >
> >
> > What I was surprised by is the netmask. Is this a feature or a bug? I mean
> > this is quite a strange netmask for me.
>
> It's a feature :)
> It doesn't make the current code any more complicated.
> And there are actually people using it to do weird stuff...
I second this. I actually had to use the same principle on some equipment
(alteon) which also supports this, and it saved me a lot of filters when
writing anti-spoofing rules on a port where two IP networks coexist.
Cheers,
Willy
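
Added example, not part of the original thread: a sketch of the masked comparison that makes a non-contiguous netmask such as 255.255.0.255 meaningful, and of how two networks differing in a single bit can be folded into one address/mask pair for an anti-spoofing rule. The helper names and all addresses are constructed for illustration.

```python
import ipaddress


def to_int(addr):
    """Dotted-quad string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def to_str(value):
    """32-bit integer -> dotted-quad string."""
    return str(ipaddress.IPv4Address(value))


def matches(src, net, mask):
    """Masked comparison: a 0 bit in the mask means 'ignore this bit'.

    Nothing requires the 1 bits to be contiguous, which is why a mask
    like 255.255.0.255 is accepted.
    """
    m = to_int(mask)
    return (to_int(src) & m) == (to_int(net) & m)


def merge_two_networks(net_a, net_b, mask):
    """Fold net_a/mask and net_b/mask into one (net, mask) pair.

    Hypothetical helper: this is exact only when the two networks differ
    in a single masked bit. Otherwise a combined mask would also admit
    other networks, so None is returned and two rules are needed.
    """
    m = to_int(mask)
    a, b = to_int(net_a) & m, to_int(net_b) & m
    diff = a ^ b
    if diff == 0:
        return to_str(a), mask
    if diff & (diff - 1):  # more than one differing bit
        return None
    new_mask = m & ~diff & 0xFFFFFFFF
    return to_str(a & new_mask), to_str(new_mask)


if __name__ == "__main__":
    # Constructed sample: host .5 in every 10.1.x.0/24 subnet.
    for src in ("10.1.0.5", "10.1.77.5", "10.1.77.6", "10.2.77.5"):
        print(src, matches(src, "10.1.0.5", "255.255.0.255"))
    # Constructed sample: two /24 networks sharing one port.
    print(merge_two_networks("192.168.10.0", "192.168.26.0", "255.255.255.0"))
```
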