15 Apr
2010
15 Apr
'10
10:51 a.m.
2010/4/15 Juha Heinanen jh@tutpro.com:
Juha Heinanen writes:
> i think that grp should also be included in the unique key.
as well as port, but things get tricky, since port can be 0 that matched all ports.
I assume that in case two entries share the same ip_addr but different mask, then the match would be priorized to the entry with greatest mask value, am I right? This is:
1) 1.2.3.0 / 24 2) 1.2.3.4 / 32
If the source IP is 1.2.3.4 then I expect permissions module to retrieve the second entry (as it mask value is the greatest one of all the entries matching the source IP).
Same could be done with the port: If two entries share the same ip_addr and mask, then that with port != 0 would have priority. Does it make sense?
--
Iñaki Baz Castillo
ibc@aliax.net