#130602 netmask: add support for grouping

Package:
netmask
Source:
netmask
Description:
helps determine network masks
Submitter:
Date:
2005-07-18 03:07:43 UTC
Severity:
wishlist
#130602#5
Date:
2002-01-24 00:25:13 UTC
From:
To:
Example:

My server has been accessed from 211.120.48.7 211.174.186.181 IP numbers. It
shouldn't have been. So I want to add them to /etc/hosts.deny (or ipchains
rules) as one number/mask. What I want is --standard (or --cidr) output that
would cover both IP numbers, with smallest possible number of "unwanted" IP
numbers.

Analogy would be a lossy compression.

Feel free to ask me if this explanation wasn't clear.

Thanks for netmask program! I use it quite often. :-)

 - Peter.

#130602#10
Date:
2002-01-31 20:04:52 UTC
From:
To:
Peter,
	What you're thinking of is maybe the smallest single netmask that
will include the set of netmasks on the command line?  Or something more
complex?
	Would the correct answer to the set you gave as an example be
211.0.0.0/8, or 211.40.48.5/255.41.117.77?  The second might require some
explaining...
	Some devices can support netmasks that are not all ones followed by
all zeros... (i.e. if you say 10.0.0.0/255.255.255.247, that is shorthand
for addresses 10.0.0.0 and 10.0.0.8, similarly 10.0.0.0/255.255.255.249 =>
{ 10.0.0.0, 10.0.0.2, 10.0.0.4, 10.0.0.6 })  But as of yet support for that
style, it is not common, and I haven't explored efficient means for netmask
to generate them.  Also note that these types of netmasks can not be
expressed in the current form of CIDR notation (though CIDR could be
extended to handle it).
	If that is unclear, play with these numbers a bit using netmask's
-b option to dump these number in binary.  Remember though that currently
netmask will not support a mask of the more complex form I was talking
about, so list them as addresses see them in binary.  I also doubt that
the tcpwrappers would support the complex netmasks (though they could
probably be convinced to add support if a tool like netmask made it easy to
generate them).
						-Robert

#130602#15
Date:
2002-02-05 03:39:28 UTC
From:
To:
I guess you could say that this is what I wanted. :-)

Yes, I believe these masks would be what I was asking for (I didn't check
for correctness, though).

Yes, I've noticed that.

...meaning that netmask keeps the masks internally as in CIDR (or
CIDR-compatible) mode?

Well, the manpage for tcpwrappers doesn't talk about any limitations that
the netmask could have. After all, if it was "all ones, then all zeros",
they might as well use CIDR syntax, which would be shorter (and might be
clearer). I may play with tcpwrappers later to find out whether they support
"odd" netmasks.

 - Peter.