RFC: Partial IP4 syntax

Henrik Nordstrom hno at marasystems.com
Wed Sep 29 19:05:15 CEST 2004

On Wed, 29 Sep 2004, Simon Lodal wrote:

> 1) iptables input: iptables' support for full 32bit format addresses is both 
> lacking and undocumented and could disappear without notice. So if any 
> programs use it they should rather be fixed.

I repeat once again, introducing a new notation looking the same as an 
older well established (even if deprecated) notation but with a different 
meaning is a terribly bad idea.

> iptables -L is for human eyes while iptables-save is for machine parsing. So 
> what if we make iptables -L print in any format it likes (not intended for 
> machine parsing anyway), but have iptables-save always print addresses in 
> full dotted quad?

Having iptables -L output anything else than quad dotted format is an even 
worse idea. Why output any other notation than the official standard?

> The question is how to interpret a single number. Implicitly append or 
> prepend a dot? Or interpret as full 32bit notation? Or ignore it?

Depends on if it is a CIDR number or not.

The following syntaxes I see as acceptable

quad dotted IP, hex or dec

N dotted IP (less than quad), hex or dec notation

CIDR notation
   N octets (up to four) / masksize. Only decimal.

   10/8 ==

Mask notation

   quad or N dotted IP / netmask in quad or N dotted IP form. hex or dec.

To differentiate between CIDR and Mask notation when the mask is specified 
using a single number use the <=32 magics.

I do not find 10. as suitable shorthand for even if this form 
is currently not in use in any of the established notations. The problem 
with 10. is that this could just as well be a partially typed IP address 
where the administrator meant to enter more information but forgot. These 
things happen more often than one would think.
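
A strict parser for the address forms listed in the message above, added here as an illustration; it is not part of the original post and not iptables code. The names `parse_octets` and `parse_net` are hypothetical, and it assumes that omitted trailing octets are zero, that a bare address gets a full host mask, and that a hex single-number mask is read as mask notation because CIDR is "only decimal".

```python
import re

_OCTET = re.compile(r"0[xX][0-9a-fA-F]+|[0-9]+")   # one octet, hex or decimal
_ALL = 0xFFFFFFFF


def parse_octets(text):
    """Parse 1 to 4 dot-separated octets (decimal or 0x-hex) into a 32-bit int.

    ASSUMPTION: omitted trailing octets are zero, so "10" means 10.0.0.0.
    An empty octet, as in "10.", is rejected as a possibly half-typed address.
    """
    parts = text.split(".")
    if len(parts) > 4:
        raise ValueError(f"too many octets: {text!r}")
    value = 0
    for i in range(4):
        octet = 0
        if i < len(parts):
            part = parts[i]
            if not _OCTET.fullmatch(part):
                raise ValueError(f"bad or empty octet in {text!r}")
            octet = int(part, 16) if part[:2].lower() == "0x" else int(part, 10)
            if octet > 255:
                raise ValueError(f"octet out of range in {text!r}")
        value = (value << 8) | octet
    return value


def _dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_net(text):
    """Return (address, mask) as dotted quads for 'addr' or 'addr/mask'."""
    addr_text, slash, mask_text = text.partition("/")
    addr = parse_octets(addr_text)
    if not slash:
        mask = _ALL                      # ASSUMPTION: bare address = single host
    elif re.fullmatch(r"[0-9]+", mask_text) and int(mask_text) <= 32:
        # The "<=32" rule: a lone decimal number up to 32 is a CIDR prefix length.
        mask = (_ALL << (32 - int(mask_text))) & _ALL
    else:
        # Anything else after the slash is mask notation, parsed like an address.
        mask = parse_octets(mask_text)
    return _dotted(addr), _dotted(mask)
```

Under these assumptions `10/8` and `10/255` produce the same network, while `10.` is refused instead of being silently expanded.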

