iptables 1.3.6 not using /etc/networks

Alexey Toptygin alexeyt at freeshell.org
Mon Nov 13 16:50:35 CET 2006


On Mon, 13 Nov 2006, Martijn Lievaart wrote:

> Alexey Toptygin wrote:
>
>> I don't understand what you mean. I think if it starts with a digit, it 
>> must be an IP (or part of an IP with 0's dropped), else it is a network 
>> name or a domain name (since neither of those can start with digits). If 
>> it's an IP by the above logic, then pad it with '.0's as necessary (or 
>> translate directly into a number without padding first). If it's not an IP, 
>> first call getnetbyname on it and if that returns NULL call gethostbyname. 
>> I think this algorithm works in all cases, unless I'm missing something.
>
> Domains can legitimately start with digits. F.i. 9292ov.nl. However, checking 
> for a valid IP address (in all forms) should be trivial.

No, domains can't start with a digit. See RFC 1034:

ftp://ftp.rfc-editor.org/in-notes/rfc1034.txt

From which I quote:

> <domain> ::= <subdomain> | " "
>
> <subdomain> ::= <label> | <subdomain> "." <label>
>
> <label> ::= <letter> [ [ <ldh-str> ] <let-dig> ]
>
> <ldh-str> ::= <let-dig-hyp> | <let-dig-hyp> <ldh-str>
>
> <let-dig-hyp> ::= <let-dig> | "-"
>
> <let-dig> ::= <letter> | <digit>
>
> <letter> ::= any one of the 52 alphabetic characters A through Z in
> upper case and a through z in lower case
>
> <digit> ::= any one of the ten digits 0 through 9

 			Alexey


