iptables 1.3.6 not using /etc/networks
alexeyt at freeshell.org
Mon Nov 13 16:50:35 CET 2006
On Mon, 13 Nov 2006, Martijn Lievaart wrote:
> Alexey Toptygin wrote:
>> I don't understand what you mean. I think if it starts with a digit, it
>> must be an IP (or part of an IP with 0's dropped), else it is a network
>> name or a domain name (since neither of those can start with digits). If
>> it's an IP by the above logic, then pad it with '.0's as necessary (or
>> translate directly into a number without padding first). If it's not an IP,
>> first call getnetbyname on it and if that returns NULL call gethostbyname.
>> I think this algorithm works in all cases, unless I'm missing something.
> Domains can legitimately start with digits. F.i. 9292ov.nl. However, checking
> for a valid IP address (in all forms) should be trivial.
No, domains can't start with a digit. See RFC 1034:
From which I quote:
> <domain> ::= <subdomain> | " "
> <subdomain> ::= <label> | <subdomain> "." <label>
> <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
> <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
> <let-dig-hyp> ::= <let-dig> | "-"
> <let-dig> ::= <letter> | <digit>
> <letter> ::= any one of the 52 alphabetic characters A through Z in
> upper case and a through z in lower case
> <digit> ::= any one of the ten digits 0 through 9
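
The first-character test and the RFC 1034 label grammar quoted in this message, as an added C example that is not part of the original post or of iptables. The function names are hypothetical, the sample arguments are constructed apart from 9292ov.nl, and only the quoted grammar is checked (no length limits, no resolver calls).

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]   (default "C" locale assumed) */
static int label_ok(const char *s, size_t n)
{
    size_t i;

    if (n == 0 || !isalpha((unsigned char)s[0]))
        return 0;                    /* must start with a letter */
    if (!isalnum((unsigned char)s[n - 1]))
        return 0;                    /* must end with a letter or digit */
    for (i = 1; i + 1 < n; i++)      /* interior: letter, digit or '-' */
        if (!isalnum((unsigned char)s[i]) && s[i] != '-')
            return 0;
    return 1;
}

/* <subdomain> ::= <label> | <subdomain> "." <label> */
int rfc1034_subdomain_ok(const char *name)
{
    const char *p = name;

    for (;;) {
        size_t n = strcspn(p, ".");  /* length of the next label */
        if (!label_ok(p, n))
            return 0;
        if (p[n] == '\0')
            return 1;
        p += n + 1;                  /* step over the dot */
    }
}

enum arg_kind { ARG_ADDRESS, ARG_NAME };

/* First-character test from the quoted proposal: a leading digit means address */
enum arg_kind classify_arg(const char *arg)
{
    return isdigit((unsigned char)arg[0]) ? ARG_ADDRESS : ARG_NAME;
}

int main(void)
{
    const char *samples[] = { "10.1", "localnet", "example.org", "9292ov.nl" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-12s first-char=%s rfc1034=%d\n", samples[i],
               classify_arg(samples[i]) == ARG_ADDRESS ? "address" : "name",
               rfc1034_subdomain_ok(samples[i]));
    return 0;
}
```

For 9292ov.nl the quoted grammar check returns 0 and the first-character test routes the argument to address parsing, so under this scheme it would never reach getnetbyname or gethostbyname.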