On 24/02/15 00:05, Anthony Messina wrote:
On Monday, February 23, 2015 09:53:08 AM Daniel-Constantin Mierla wrote:
trusted does string comparison for the address field, it is not
considered an ip address.
You should use address table instead if you just need matching on any ip
address or subnet.
That's interesting. Is there a reason for the string comparison? Reading
the README, trusted and address functions look incredibly similar,
except trusted can match proto, and the address commands can match
ports. What would be the advantage or use case of using either trusted
or address?
I am not the developer of that function and haven't used it for a while.
IIRC, it was added like 2003-2004 and kept being so. I use address table
as it has more features in matching subnets and does pre-compilation of
ip addresses, thus is fast.
If someone provides a patch for doing ip-based comparison for trusted
table, it will be accepted. The C helper functions are available, so the
patch should not be big (ipops module can be used as example of C code
for comparing ip addresses).
Cheers,
Daniel
Understood. I am using the address table as well for that very reason. I
just didn't know if it was an *intentional* difference. Thanks. -A
--
Anthony -
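The difference Daniel describes above, string comparison versus address-aware comparison with pre-parsed entries, shown as an added Python example. This is not code from the Kamailio permissions module; the ACL entries and source addresses are constructed for illustration, and `ipaddress` from the standard library stands in for the C helpers mentioned in the thread.

```python
import ipaddress

# Constructed ACL entries: one host, one IPv4 subnet, one IPv6 host, one IPv6 prefix.
ACL_ENTRIES = ["10.0.0.5", "10.0.0.0/24", "2001:db8::1", "2001:db8:100::/48"]


def string_match(source_ip: str, entries=ACL_ENTRIES) -> bool:
    """Text comparison: the peer address must be byte-for-byte identical to an entry.
    A subnet entry can never match, and an equivalent spelling of the same address
    (e.g. an IPv6 address with different zero compression or case) is rejected."""
    return source_ip in entries


def compile_acl(entries=ACL_ENTRIES):
    """Parse each entry once into an ip_network object (a bare host becomes a /32
    or /128).  Entries that are not valid addresses or prefixes are reported
    instead of silently kept as opaque text."""
    compiled = []
    for entry in entries:
        try:
            compiled.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"bad ACL entry {entry!r}: {exc}") from exc
    return compiled


COMPILED_ACL = compile_acl()


def network_match(source_ip: str, compiled=COMPILED_ACL) -> bool:
    """Address-aware comparison: parse the peer address and test subnet membership
    against the pre-parsed entries.  Unparsable input is rejected, not compared
    as text."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False
    return any(addr.version == net.version and addr in net for net in compiled)


if __name__ == "__main__":
    for peer in ["10.0.0.5", "10.0.0.77", "10.1.0.1", "2001:DB8:0:0::1",
                 "2001:db8:100::42", "not-an-ip"]:
        print(f"{peer:18} string={string_match(peer)!s:5} network={network_match(peer)}")
```

Running the block shows the cases the thread is about: a host listed verbatim matches under both schemes, an address inside a listed subnet matches only under the network scheme, and an IPv6 address written in a different but equivalent form is missed by the string compare. The parse-once step in `compile_acl` is what makes per-request lookups cheap and also surfaces malformed entries at load time rather than at match time.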