Question about hosts_access(5)

Rick Stevens rstevens at vitalstream.com
Thu Feb 22 19:55:31 UTC 2007


On Thu, 2007-02-22 at 13:58 -0500, Kwan Lowe wrote:
> 
> >     An  expression  of the form 'n.n.n.n/m.m.m.m´ is interpreted as a
> >     'net/mask´ pair. An IPv4 host address is matched if 'net´ is equal
> >     to the bitwise AND of the  address  and  the  'mask´.  For example,
> >     the  net/mask pattern '131.155.72.0/255.255.254.0´ matches every
> >     address in the range '131.155.72.0´ through '131.155.73.255´.
> >
> >
> >     Is there any reason why it must be written out as:
> >
> >         131.155.72.0/255.255.254.0
> >
> >     ... as opposed to using the shorter version:
> >
> >         131.155.72.0/23
> 
> At one point it was possible to create a non-contiguous mask. This would not be
> doable with the short / notation.

The "short / notation" is called "CIDR" (classless interdomain routing)
notation.

> I've never actually used a non-contiguous mask, but there's a whole chapter on it in
> one of my earlier networking books.

I have.  It's a nightmare, but unfortunately many Asian ISPs use it to
spam.  Makes your iptables and firewall rules rather nasty.

----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-  Any sufficiently advanced technology is indistinguishable from a  -
-                              rigged demo.                          -
----------------------------------------------------------------------





More information about the fedora-list mailing list