
Re: give multible ports a/o ips to iptables [fixed: problems with firehol...]



--- Jonas Meurer <jonas@freesources.org> wrote:

> On 02/09/2004 Jean Christophe André wrote:
> > For your .98 & .99 problem, you may use something like this:
> >   iptables -A OUTPUT -d ???.???.128.98/255.255.255.254 ...
> > or like this (exactly the same in this case):
> >   iptables -A OUTPUT -d ???.???.128.98/31 ...
> 
> so you mean that -d 62.75.128.98/31 is the same as two rules, one with
> -d 62.75.128.98 and one with -d 62.75.128.99? can you explain it, i
> don't understand ...
> 
It has to do with bits, something called a bitmap.  Here we go...
1 and 0 is 1
0 and 0 is 0, and is recursive so
0 and 1 is also 1

1111:1110 and xxxx:xxxx is xxxx:xxx0

98d = 0110:0010
99d = 0110:0011
254d = 1111:1110

99d and 254d = 98d and 98d and 254d = 98d.
(98d and 254d) is also (99d and 254d).

So both 62.75.128.98 and 62.75.128.99 are in network
62.75.128.98/255.255.255.254.  This network could also be written as
62.75.128.98/31 saying that 31 out of 32 bits are set to 1 meaning that
the last one bit(s) are 0.

> bye
>  jonas
> 
> 
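
The mask comparison discussed in this thread, as an added example that is not part of the original message: an address matches an `address/mask` rule when both sides are equal after a bitwise AND with the mask. The example goes beyond the .98/.99 case by also collapsing an arbitrary address list into the fewest such rules; the function names `matches` and `minimal_rules` are hypothetical.

```python
import ipaddress


def matches(addr: str, rule: str) -> bool:
    """True if addr falls under a rule written as address/mask.

    The mask may be a prefix length (/31) or dotted (/255.255.255.254).
    Comparison is (addr AND mask) == (rule_address AND mask), so host bits
    set in the rule address (e.g. .99/31) are masked off before comparing.
    """
    rule_addr, _, mask_text = rule.partition("/")
    # Let ipaddress parse either mask notation into a 32-bit integer.
    mask = int(ipaddress.IPv4Network("0.0.0.0/" + (mask_text or "32")).netmask)
    a = int(ipaddress.IPv4Address(addr))
    n = int(ipaddress.IPv4Address(rule_addr))
    return (a & mask) == (n & mask)


def minimal_rules(addrs):
    """Collapse single addresses into the fewest CIDR blocks covering exactly them."""
    nets = ipaddress.collapse_addresses(ipaddress.IPv4Network(a) for a in addrs)
    return [str(n) for n in nets]


if __name__ == "__main__":
    # Last octets from the thread, shown bit by bit against the mask octet 254.
    for octet in (98, 99, 100):
        print(f"{octet:3d} = {octet:08b}   AND 254 -> {octet & 254:3d}")

    rule = "62.75.128.98/255.255.255.254"
    for host in ("62.75.128.97", "62.75.128.98", "62.75.128.99", "62.75.128.100"):
        print(host, "matches" if matches(host, rule) else "does not match", rule)

    # An aligned pair (even, odd) merges into one /31 ...
    print(minimal_rules(["62.75.128.98", "62.75.128.99"]))
    # ... but an adjacent pair that straddles a /31 boundary needs two rules.
    print(minimal_rules(["62.75.128.99", "62.75.128.100"]))
```

Two adjacent addresses only share a /31 when the first one is even in its last bit, which is why .98 and .99 fit in one rule while .99 and .100 do not.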


