[pkg-netfilter-team] Bug#886321: ipset: really ought to understand CIDR properly
Phil Reynolds
phil at tinsleyviaduct.com
Thu Jan 4 11:34:01 UTC 2018
Package: ipset
Version: 6.30-2
Severity: normal
Dear Maintainer,
When adding an entry to an ipset, if you do not specify a full dotted quad,
what gets added is not what you might reasonably expect
For example, if you were to type:
ipset add FOO 192.168/16
where FOO is the name of an existing inet family hash:ip set what it adds
is 192.0.0.0/16 - as though treating the 168 as 0.0.168, perhaps.
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages ipset depends on:
ii iptables 1.6.0+snapshot20161117-6
ii libc6 2.24-11+deb9u2
ii libipset3 6.30-2
ipset recommends no packages.
ipset suggests no packages.
-- no debconf information
More information about the pkg-netfilter-team
mailing list