[Bug 1184] disable implicit concatenating of elements of sets with flag interval
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Fri Oct 6 22:59:47 CEST 2017
https://bugzilla.netfilter.org/show_bug.cgi?id=1184
Jeff Kletsky <netfilter at allycomm.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |netfilter at allycomm.com
--- Comment #6 from Jeff Kletsky <netfilter at allycomm.com> ---
I'm wholeheartedly behind disabling auto-merge of ranges!
Auto-merge is problematic for deletion and I'm glad that it was brought up.
If I add an element to a set, I should be able to delete that element later.
This allows dynamic behavior, for example by IP address. Just because two IP
addresses or ranges are coincident (or overlapping) doesn't mean that they can
be treated as a single entity from that point onward. Especially in the case
that two ranges overlap, what does it mean to delete one of them from the set?
Do you keep or remove the intersection?
Auto-merging makes confirming that the ruleset in memory is actually what was
intended. An example of this is the IPv6 address space, where I may enter
ranges that I wish to block based on their assignments (or lack thereof) and
would prefer not to have to manually confirm that the union of my inputs
correspond with the entries shown.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20171006/02c54261/attachment.html>
More information about the netfilter-buglog
mailing list