
13 Dec 2013, 6:38 a.m.
Tim Connors wrote:
On Wed, 19 Jun 2013, Trent W. Buck wrote:
Tim Connors writes:
-A RH-Firewall-1-INPUT -s 12.3.4.5/16 -p tcp -m tcp -j ACCEPT
One gotcha, which applies at -restore time, but not at -save time:
Like IPv6, in IPv4 you can omit .0 segments:
1.4 --> 1.0.0.4
1.2.4 --> 1.2.0.4 (I think - might be 1.0.2.4)
I missed that when it was sent originally.
iptables-restore understands this. However, if there is a CIDR it expands differently:
1.4/24 --> 1.4.0.0/24
1.2.4/24 --> 1.2.4.0/24
Holy crap that's ridiculous. Anyone who uses those stupid formats gets what they deserve.
No worries -- nobody can afford a whole class B anymore anyway ;-P BTW 1.4 --> 1.0.0.4 works in ping and suchlike, too. Not nmap, tho.
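
An added example, not part of the original thread: a small lint pass over iptables-save style rules that flags the two ambiguities discussed above, shorthand addresses and CIDR specs with host bits set (like the 12.3.4.5/16 rule), and reports what each one effectively means. Host shorthand is expanded inet_aton-style; the CIDR padding rule is an assumption taken from the description in this thread, and the sample rules and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in iptables-save style; the first rule is the one quoted in the thread.
SAMPLE_RULES = """\
-A RH-Firewall-1-INPUT -s 12.3.4.5/16 -p tcp -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 1.4 -p tcp -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 1.2.4/24 -p tcp -m tcp -j ACCEPT
-A RH-Firewall-1-INPUT -s 192.0.2.0/24 -p tcp -m tcp -j ACCEPT
"""

ADDR_OPT = re.compile(r"(?:^|\s)(?:-s|-d|--source|--destination)\s+(\S+)")


def host_expand(text):
    """inet_aton-style (decimal parts only): the last part fills the remaining low bytes."""
    *lead, last = [int(p) for p in text.split(".")]
    if len(lead) > 3 or any(p > 255 for p in lead) or last >= 256 ** (4 - len(lead)):
        raise ValueError(f"not a valid IPv4 shorthand: {text}")
    value = last
    for i, part in enumerate(lead):
        value |= part << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))


def cidr_expand(text):
    """Assumption taken from the thread: with a prefix, missing octets are appended as .0."""
    parts = text.split(".")
    return ".".join(parts + ["0"] * (4 - len(parts)))


def lint(rules):
    """Return (line number, spec as written, issue, effective value) for risky address specs."""
    findings = []
    for lineno, line in enumerate(rules.splitlines(), 1):
        for spec in ADDR_OPT.findall(line):
            addr, _, prefix = spec.partition("/")
            if not re.fullmatch(r"\d+(\.\d+){0,3}", addr):
                continue  # hostname or malformed: out of scope here
            full = addr
            if addr.count(".") < 3:
                full = cidr_expand(addr) if prefix else host_expand(addr)
                findings.append((lineno, spec, "shorthand", full + ("/" + prefix if prefix else "")))
            if prefix:
                net = ipaddress.ip_network(f"{full}/{prefix}", strict=False)
                if str(net.network_address) != full:
                    findings.append((lineno, spec, "host-bits-set", str(net)))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_RULES):
        print(*finding)
```

Running it over a ruleset before iptables-restore shows where the written address and the matched range differ, so the rule can be rewritten in full dotted-quad form.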