RE: Possibly dangerous interpretation of address/prefix pair in -s option

>> Read the manpage: "Address can be either a network name, a network IP address (with /mask), or a plain IP address".

The manpage states that the input can be either of three:

1) a network name
2) network IP address (with /mask)  (i.e. 10.0.0.0/24 in the example)
3) a plain IP address (i.e. 10.0.0.2 or equivalently 10.0.0.2/32 in the example)

and the input 10.0.0.2/24 is neither of those three (it's a contextually inappropriate combination of 2 and 3). It therefore should be rejected, but instead it is reinterpreted to be of type 2), i.e. a network IP address (with /mask). What do you think?

My point is, I think this re-interpretation is dangerous. I think the appropriate behaviour would be to error on incorrect/ambiguous input.

>> The input is interpreted accordingly, therefore 10.0.0.2/24 is equal to 10.0.0.0/24.

But would you agree that if the input isn't one of the three types explicitly allowed in the manpage, it should be rejected? The word "either" in the manpage gives the impression that the three options are mutually exclusive, and not a contextually inappropriate mixture.
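
The strict interpretation argued for in this message, as an added example that is not part of the original post and is not iptables code: a checker that classifies an IPv4 source spec as host, network, or address with host bits set under the prefix, and reports the network that lenient masking would match instead. The names `classify_spec` and `spec_kind` are hypothetical, and network names (the manpage's first form) are assumed out of scope.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum spec_kind { SPEC_INVALID = -1, SPEC_HOST, SPEC_NETWORK, SPEC_HOST_BITS_SET };
/* Classify "a.b.c.d" or "a.b.c.d/len". For any parseable spec, *net and *len
 * receive the masked network and prefix length a lenient parser would match. */
enum spec_kind classify_spec(const char *spec, uint32_t *net, int *len)
{
    char buf[32], *slash, *end;
    struct in_addr a;
    long plen = 32;
    uint32_t addr, mask;
    if (strlen(spec) >= sizeof(buf))
        return SPEC_INVALID;
    strcpy(buf, spec);
    slash = strchr(buf, '/');
    if (slash) {
        *slash++ = '\0';
        if (*slash < '0' || *slash > '9')       /* empty, signed or junk length */
            return SPEC_INVALID;
        plen = strtol(slash, &end, 10);
        if (*end != '\0' || plen > 32)
            return SPEC_INVALID;
    }
    if (inet_pton(AF_INET, buf, &a) != 1)
        return SPEC_INVALID;
    addr = ntohl(a.s_addr);
    mask = plen == 0 ? 0 : 0xFFFFFFFFu << (32 - plen);
    *net = addr & mask;
    *len = (int)plen;
    if (addr & ~mask)
        return SPEC_HOST_BITS_SET;  /* 10.0.0.2/24: reject instead of widening */
    return (slash && plen < 32) ? SPEC_NETWORK : SPEC_HOST;
}

int main(void)
{
    /* Constructed samples: the three forms from the message plus the mixed one. */
    const char *samples[] = { "10.0.0.0/24", "10.0.0.2", "10.0.0.2/32", "10.0.0.2/24" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t net = 0; int len = 0;
        enum spec_kind k = classify_spec(samples[i], &net, &len);
        printf("%-12s kind=%d masked=%u.%u.%u.%u/%d\n", samples[i], (int)k,
               net >> 24, (net >> 16) & 255, (net >> 8) & 255, net & 255, len);
    }
    return 0;
}
```

A rule-generation script can run such a check before invoking the firewall tool and refuse any spec classified as `SPEC_HOST_BITS_SET`, so a rule intended for one host never silently matches the whole /24.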