[grsec] full learning, role_allow_ip: useless entries in policy?
Marcelo Bartsch
mbartsch at unix911.ath.cx
Wed Jun 22 12:30:04 EDT 2005
Marc, short answer: it is not the same.
Long answer: 0.0.0.0/32 is a lot different from 0.0.0.0/0. /32 means
only packets coming from or to ip = 0.0.0.0, so it's not redundant. I
think 0.0.0.0/32 is an IP_ADDRANY alias, but someone can correct me if I'm
wrong.
On Wed, 2005-06-22 at 12:31 +0200, Marc Schiffbauer wrote:
> Hi Brad,
>
> in a policy generated by full learning (2.1.5) I see that:
>
> role userxy u
> role_allow_ip 217.248.220.113/32
> role_allow_ip 217.248.222.105/32
> role_allow_ip 217.248.222.58/32
> role_allow_ip 217.248.222.86/32
> role_allow_ip 217.248.223.153/32
> role_allow_ip 217.248.227.179/32
> role_allow_ip 62.134.108.35/32
> role_allow_ip 62.180.184.31/32
> role_allow_ip 62.180.184.53/32
> role_allow_ip 62.180.32.20/32
> role_allow_ip 62.180.32.63/32
> role_allow_ip 0.0.0.0/32
>
>
> Is this not the same as just writing only the following two lines?
>
> role userxy u
> role_allow_ip 0.0.0.0/32
>
>
> Cheers
> -Marc
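
Added example, not part of the original thread and not grsecurity's own code: plain CIDR arithmetic over `role_allow_ip` lines like the quoted ones, showing that a /32 entry covers exactly one address and so leaves the other entries non-redundant, while 0.0.0.0/0 would cover them all. The function names are hypothetical, the policy text is a constructed excerpt, and any special meaning grsecurity gives to 0.0.0.0 is not modelled.

```python
import ipaddress

# Constructed sample: an abbreviated copy of the role quoted in the thread.
POLICY = """\
role userxy u
role_allow_ip 217.248.220.113/32
role_allow_ip 62.180.32.20/32
role_allow_ip 0.0.0.0/32
"""


def parse_allow_ips(policy_text):
    """Return {role_name: [IPv4Network, ...]} from role / role_allow_ip lines."""
    roles, current = {}, None
    for raw in policy_text.splitlines():
        fields = raw.split()
        if len(fields) < 2:
            continue
        if fields[0] == "role":
            current = fields[1]
            roles.setdefault(current, [])
        elif fields[0] == "role_allow_ip" and current is not None:
            # strict=True rejects entries with host bits set outside the mask
            roles[current].append(ipaddress.ip_network(fields[1], strict=True))
    return roles


def redundant_entries(networks):
    """Entries fully contained in a different entry of the same list."""
    return [n for n in networks
            if any(n != other and n.subnet_of(other) for other in networks)]


def role_matches(networks, addr):
    """True if addr falls inside at least one allowed network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in networks)


if __name__ == "__main__":
    nets = parse_allow_ips(POLICY)["userxy"]
    print("redundant with /32:", redundant_entries(nets))
    only_zero = parse_allow_ips("role userxy u\nrole_allow_ip 0.0.0.0/32\n")["userxy"]
    print("62.180.32.20 allowed by 0.0.0.0/32 alone:",
          role_matches(only_zero, "62.180.32.20"))
    wide = parse_allow_ips(POLICY.replace("0.0.0.0/32", "0.0.0.0/0"))["userxy"]
    print("redundant with /0:", redundant_entries(wide))
```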