On 2022-06-08 11:38, Chris Hall wrote:
> For input such as "-s 10.0.0.2/24", the 10.0.0.2 simply isn't a valid
> network address for a /24 network.
> I agree: the parser should detect invalid input and reject it. I can
> see no good reason for being sloppy here.
If someone uses 10.0.0.2/24 but meant 10.0.0.2/32, then just omit the
/24 or /32 - it's not required.
'-s 10.0.0.2' works fine
Thinking of all the iptables firewall scripts that could be in use right
now, and would be affected by a change that stops accepting
'10.0.0.2/24' as acceptable, and the disruption that would cause,
expecting it to be changed is unreasonable.
If you mean to write a rule for a single IP address then just use that
single IP address, don't use a subnet suffix. Get into that habit
instead.
Matt
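
An added example, not part of the original message or of iptables itself: a small audit script that scans existing firewall script lines for -s/-d arguments whose address has host bits set under the given mask, such as the 10.0.0.2/24 discussed above. The sample rules and the function name audit_rules are constructed for illustration.

```python
import ipaddress
import shlex

# iptables options that take an address[/mask] argument.
ADDR_OPTS = {"-s", "--source", "--src", "-d", "--destination", "--dst"}

def audit_rules(lines):
    """Return (line_no, option, given, network) for each address with host bits set."""
    findings = []
    for line_no, line in enumerate(lines, start=1):
        try:
            tokens = shlex.split(line, comments=True)
        except ValueError:
            continue  # unbalanced quotes: not a simple command line
        for opt, arg in zip(tokens, tokens[1:]):
            if opt not in ADDR_OPTS:
                continue
            for given in arg.split(","):  # iptables accepts comma-separated lists
                try:
                    iface = ipaddress.ip_interface(given)
                except ValueError:
                    continue  # hostname or shell variable: cannot be checked statically
                # A bare address parses as /32, so it never trips this check.
                if iface.ip != iface.network.network_address:
                    findings.append((line_no, opt, given, str(iface.network)))
    return findings

# Constructed sample firewall script.
SAMPLE = """\
# constructed sample firewall script
iptables -A INPUT -s 10.0.0.2/24 -j ACCEPT
iptables -A INPUT -s 10.0.0.2 -j ACCEPT
iptables -A INPUT -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD ! -d 192.168.1.77/255.255.255.0,192.168.2.0/24 -j DROP
iptables -A INPUT -s "$TRUSTED_NET" -j ACCEPT
""".splitlines()

if __name__ == "__main__":
    for line_no, opt, given, network in audit_rules(SAMPLE):
        print(f"line {line_no}: {opt} {given} has host bits set; "
              f"the mask denotes {network}")
```

Each finding is a rule to review by hand: decide whether the single address or the whole network was intended, then write that explicitly.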