Post by @PowerCrazy

In reply to 1 earlier post

@emotional_soup_88__dup_21417@programming.dev on programming.dev Open parent

The behavior of /24 vs /32 addresses when using iptables

I added a rule to accept connections from 192.168.1.135/24, since my router is configured to hand out /24 addresses. Then, iptables -L -v showed that connections from 192.168.1.0/24 are accepted. When I change the rule to accept connections from .135/32 - or from .135 without specifying the subnet -, it not only works as intended, but it also resolves the hostname correctly. Why? unsolicited “why do you still use iptables” advice not welcome :D

Open parent Original URL

PowerCrazy in !linux

@PowerCrazy@lemmy.ml · Mar 04

You need to understand subnetting. Allowing 192.168.1.0/24 also allows 192.168.1.135/24 In fact 192.168.1.135/24 shouldn’t be valid syntax at all, but it is easier to accept it and then let subnet math fix the mistake. I assume your router is 192.168.1.135 for whatever reason, so as long as your router is contained in the configured iptables allowed network, it’ll work with all of the following networks. 192.168.1.135/32 192.168.1.134/31 192.168.1.132/30 192.168.1.128/29 192.168.1.128/28 192.168.1.128/27 192.168.1.128/26 192.168.1.128/25 192.168.1.0/24 192.168.0.0/23 … And 22 even larger networks. If you don’t configure a subnet mask for the rule, iptables will accept the IP address you put in as a single host, the /32 is implied. The same behavior would be seen using any kind of network filter, though they may not allow you to specify 192.168.1.135/24, they may require a bit boundary, but mathematically, it’s the same.

View on lemmy.ml

Loading comments...

About Community

Linux

!linux@lemmy.ml

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

64666

Members

10906

Posts

Created: June 01, 2019

View All Posts