Hi!
I noticed that while this ACL matches my source IP of 192.168.42.123:

    acl src_internal_net src 192.168.42.0/24

this one does _not_:

    acl src_internal_net src 192.168.42/24

While not strictly part of RFC 4632 (yet), leaving out trailing .0
octets is a very common notation and is probably going to be included
in a future RFC update (as per Errata 1577):
https://www.rfc-editor.org/errata_search.php?rfc=4632&eid=1577
If there are concerns against this notation, the config parser should
at least issue a WARNING or even ERROR about this, because I found it
quite confusing. Especially if ACLs are used for actual access
control, this can have nasty consequences.
What do you think?
Cheers,
Daniel
--
Daniel Schneller
Principal Cloud Engineer
CenterDevice GmbH
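
An added example, not part of the original message and not the project's own code: a lint pass that flags `acl ... src` prefixes written with fewer than four octets and shows two networks such a value can denote. The `inet_aton`-style reading is an assumption about how a parser might interpret the short form (the message does not establish what this parser does); the function names and the sample config are constructed for illustration.

```python
import ipaddress
import re

ACL_SRC = re.compile(r"^\s*acl\s+\S+\s+src\s+(.+)$")
SHORT_PREFIX = re.compile(r"\d+(\.\d+){0,2}/\d+")  # fewer than four octets

def zero_padded(prefix):
    """Erratum 1577 reading: omitted trailing octets are .0"""
    addr, length = prefix.split("/")
    octets = addr.split(".")
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length, strict=False)

def inet_aton_style(prefix):
    """Classic inet_aton reading: the last part fills all remaining bytes."""
    addr, length = prefix.split("/")
    parts = [int(p) for p in addr.split(".")]
    value = 0
    for p in parts[:-1]:
        value = (value << 8) | p
    value = (value << (8 * (5 - len(parts)))) | parts[-1]
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(value)}/{length}",
                                strict=False)

def lint(config_text):
    """Return (line number, value, zero-padded net, inet_aton-style net)."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = ACL_SRC.match(line)
        if not m:
            continue
        for value in m.group(1).split():
            if SHORT_PREFIX.fullmatch(value):
                findings.append((lineno, value, str(zero_padded(value)),
                                 str(inet_aton_style(value))))
    return findings

# Constructed sample config using the two ACL lines from the message.
SAMPLE = """\
acl src_internal_net src 192.168.42.0/24
acl src_internal_net src 192.168.42/24
"""

if __name__ == "__main__":
    client = ipaddress.ip_address("192.168.42.123")
    for lineno, value, padded, aton in lint(SAMPLE):
        print(f"line {lineno}: WARNING ambiguous prefix {value}")
        for net in (padded, aton):
            print(f"  {net}: client matches = {client in ipaddress.ip_network(net)}")
```

Running such a check before deploying a config turns the silent mismatch into a visible warning, which is the behaviour the message asks the parser to provide.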