Code: Select all
/ip firewall filter add chain=output dst-address=192.168.0.168/255.255.0.255
Code: Select all
chain=output action=accept dst-address=192.168.0.168-192.168.255.168
Where do things go wrong?
Non-contigous network mask is incorrectly converted/used in firewall
When I add a rule like this:
it is automatically converted to this:
But this catches addresses like 192.168.1.169, not only 192.168.X.168
Where do things go wrong?
Where do things go wrong?
Re: Non-contigous network mask is incorrectly converted/used in firewall
Ignorance about particular use case ... hence wrong conversion. Not sure why address/mask notation needs conversion to address range though.
If I may ask: what would be use case of your accept rule?
If I may ask: what would be use case of your accept rule?
Re: Non-contigous network mask is incorrectly converted/used in firewall
Thinking about (CG)NAT applications, Filter was just an easy example
Who is online
Users browsing this forum: Ahrefs [Bot] and 211 guests