On 5/9/25 5:02 AM, Ralph Corderoy wrote:
I doubt your understanding is correct.  I think it more likely the ‘0/8’
this time was short enough to match /([^.]{1,3})$/ in the first regexp
and either:

- it has never been short enough in the past, e.g. ‘0/24’, or
- they've slipped through but not triggered an error for you to notice,
   e.g. ipset's hash table didn't fill up.


Ah hah!

Thank you Ralph. I think you put your finger on it, and helped remind us again that correlation does not equal causation. Your first bullet fits the bill. I believe this was the first time a /8 block was added to the hash:net list. That makes sense that the '0/0' fit both the final list and repetition of the regex.

Mystery solved. Thanks also to heftig for his help with this as well. The firewall tools have been very busy this past month, and things don't show any signs of letting up...

--
David C. Rankin, J.D.,P.E.
