#227 Netmasks with zeroes in the middle should be allowed

Status: closed-wont-fix
Owner: nobody
Labels: None
Priority: 5
Updated: 2012-06-28
Created: 2012-06-28
Creator: Anonymous
Private: No

Somewhere in a previous version of fwbuilder I was able to create network objects like:
10.0.128.0 / 255.0.255.0

But now (version 5.1.0.3599 Mac OS-X) I get the message:
"Netmasks with zeroes in the middle are not supported"

For a Cisco IOS ACL it generated valid wildcard masks in the past.
"10.0.128.0 255.0.128.0" became cisco wildcard "10.0.128.0 0.255.0.255"

I have multiple locations with networks for example: 10.64.x.x/16, 10.32.x.x/16 etc... and in each location 10.x.128.x through 10.x.255.x are client vlans.

Maybe you could create a preference option like: "I want to use zeroes in netmasks, Yes I (pretend to) know what I'm doing and know that these objects are not compatible with all types of firewalls"

Discussion


  • Anonymous
    2012-06-28

    Typo....
    the line "10.0.128.0 255.0.128.0" became cisco wildcard "10.0.128.0 0.255.0.255"

    should be: "10.0.128.0 255.0.255.0" became cisco wildcard "10.0.128.0 0.255.0.255"

     
  • Vadim Kurland
    2012-06-28

    • status: open --> closed-wont-fix
     
  • Vadim Kurland
    2012-06-28

    This is by design. Netmasks with "holes" were never supported, but old versions of fwbuilder just did not check for them. Many features would break with these netmasks, including rule shadowing detection, automatic determination of interfaces for rules etc.
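
Added illustration, not part of the ticket and not fwbuilder's code: a sketch of how a rule tool can detect a netmask with "holes", derive the Cisco wildcard mask quoted above, and why containment checks (the basis of shadowing detection) need bitmask logic instead of prefix-length comparison once such masks are allowed. All function names are hypothetical; the addresses are the ones from the ticket plus constructed test values.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def is_contiguous(mask):
    """True when the mask is a run of 1-bits followed only by 0-bits."""
    inverted = ~to_int(mask) & ALL_ONES
    # A contiguous mask inverts to 2**k - 1, which shares no bits with 2**k.
    return (inverted & (inverted + 1)) == 0

def wildcard(mask):
    """Cisco IOS wildcard mask: the bitwise complement of the netmask."""
    return str(ipaddress.IPv4Address(~to_int(mask) & ALL_ONES))

def matches(addr, net, mask):
    """Bitmask match: only bits set in the mask are compared."""
    m = to_int(mask)
    return to_int(addr) & m == to_int(net) & m

def is_subset(net_a, mask_a, net_b, mask_b):
    """True when every address matched by object A is also matched by B.

    Works for masks with holes: B may only test bits that A already fixes,
    and the two objects must agree on those bits.
    """
    ma, mb = to_int(mask_a), to_int(mask_b)
    return (ma & mb) == mb and (to_int(net_a) & mb) == (to_int(net_b) & mb)

def stdlib_accepts(net, mask):
    """Whether Python's prefix-based ipaddress module can represent the object."""
    try:
        ipaddress.ip_network(f"{net}/{mask}", strict=False)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    net, mask = "10.0.128.0", "255.0.255.0"   # object from the ticket
    print("contiguous:", is_contiguous(mask))
    print("wildcard:  ", net, wildcard(mask))
    print("prefix lib accepts:", stdlib_accepts(net, mask))
    # Constructed rule objects: a /24 inside the holed object, and a /16 that is not.
    print("10.64.128.0/24 inside:", is_subset("10.64.128.0", "255.255.255.0", net, mask))
    print("10.64.0.0/16 inside:  ", is_subset("10.64.0.0", "255.255.0.0", net, mask))
```

Code that assumes every network object is a single prefix (comparing prefix lengths, or walking a routing-style tree) has no valid answer for the last two checks, so a validator that rejects non-contiguous masks at input time protects that code from silently wrong results.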