RE: Possibly dangerous interpretation of address/prefix pair in -s option

Sorry - I just realized I did not send the messages to the netfilter list, but replied to Reindl Harald directly. Harald patiently makes the point that

>> how do you expect your calculator "error out" when you type "1+3" but meant "1+2"?

I'm not sure I understand the analogy, because 1+3 is correct and unambiguous input. Why would the program then invent a different meaningful input, say "1+2"? Instead, 10.0.0.2/24 for the -s option is ambiguous (and I would argue incorrect), because the correct inputs should have been

10.0.0.0/24 (that's what iptables assumed I meant)

or

10.0.0.2/32 (or equivalently 10.0.0.2)

The latter is what I actually meant. I guess the question is, why does iptables re-interpret an incorrect (ambiguous) input, and not error? 10.0.0.2/24 makes no sense, right? Picking up the calculator analogy: if I open a python terminal, and type

In [3]: 3)4

python errors due to syntax error. It doesn't just re-interpret it to '3+4' or '3-4'.

Thanks again for your patience!

-----Original message-----
From: Reindl Harald
Sent: Friday, June 3 2022, 6:42 pm
To: Stefan Riha
Subject: Re: Possibly dangerous interpretation of address/prefix pair in -s option

On 03.06.22 at 18:36, Stefan Riha wrote:
> But it assumed that when I put in 10.0.0.2/24

you braindead moron IT CALCULATED

10.0.0.2/24 is for a computer similar to "1+2" for a human

> I actually meant 10.0.0.0/24

then write it

> That's possibly dangerous

operating a firewall as a beginner is in general dangerous

> because what I actually meant was 10.0.0.2 (or equivalently 10.0.0.2/32).

then write it

> As you said, it can't smell what I meant when I supplied an incorrect 
> input. So the right thing would be to error, and not do anything.

how do you expect your calculator "error out" when you type "1+3" but 
meant "1+2"?

> Instead it re-interprets my incorrect input

FUCK IT - it DID NOT interpret - IT IS A CALCULATION
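
The two behaviours debated in this thread, masking an address/prefix pair versus rejecting it when host bits are set, shown as an added example that is not part of either message and is not iptables code. It uses Python's standard `ipaddress` module; the function names `check_source_spec` and `strict_source_spec` are hypothetical, and the sample inputs are the forms quoted above.

```python
import ipaddress


def check_source_spec(spec):
    """Classify an address/prefix string of the kind passed to -s.

    Returns (status, network, host_reading):
      status        "exact" if no host bits are set, "masked" otherwise
      network       what the spec becomes once the netmask is applied
      host_reading  the single-host spec the writer may have meant, or None
    """
    # ip_interface accepts host bits and keeps both the address and the prefix.
    iface = ipaddress.ip_interface(spec)
    network = iface.network  # address ANDed with the netmask
    if iface.ip == network.network_address:
        return "exact", str(network), None
    host = f"{iface.ip}/{iface.ip.max_prefixlen}"
    return "masked", str(network), host


def strict_source_spec(spec):
    """Reject a spec with host bits set instead of masking it silently."""
    # strict=True is the default: ValueError is raised when host bits are set.
    return str(ipaddress.ip_network(spec, strict=True))


def review(specs):
    """Return one human-readable line per spec for a rule-file review."""
    lines = []
    for spec in specs:
        status, network, host = check_source_spec(spec)
        if status == "masked":
            lines.append(f"{spec}: host bits set; masks to {network}, "
                         f"single host would be {host}")
        else:
            lines.append(f"{spec}: ok, matches {network}")
    return lines


if __name__ == "__main__":
    # Constructed sample inputs: the address forms discussed in the thread.
    for line in review(["10.0.0.2/24", "10.0.0.0/24", "10.0.0.2/32", "10.0.0.2"]):
        print(line)
```

Running a check like this over the source arguments in a rule file before loading it surfaces every spec whose written address differs from the network that will actually be matched.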
