From owner-freebsd-isp Fri Dec 1 8: 6: 8 2000 Delivered-To: freebsd-isp@freebsd.org Received: from relay1.sfo.com (relay1.sfo.com [209.159.128.250]) by hub.freebsd.org (Postfix) with ESMTP id 94EBD37B401 for ; Fri, 1 Dec 2000 08:06:04 -0800 (PST) Received: from valerie.sfo.com (valerie.sfo.com [209.159.128.66] (may be forged)) by relay1.sfo.com (8.9.2/8.9.2/SFO.r.04) with ESMTP id IAA07938 for ; Fri, 1 Dec 2000 08:06:04 -0800 (PST) Message-Id: <5.0.0.25.2.20001201075130.085f1460@pop.sfo.com> X-Sender: sommers@pop.sfo.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Fri, 01 Dec 2000 08:05:38 -0800 To: freebsd-isp@FreeBSD.ORG From: William Sommers Subject: Re: Danger Ports In-Reply-To: References: <20001130221631.E99903@149.211.6.64.reflexcom.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:28 AM 12/1/00 -0600, Butch Evans wrote: >> > > access-list 110 deny ip 172.16.0.0 0.15.255.255 any log >> > > access-list 110 deny ip 172.31.0.0 0.0.255.255 any log >> >> > access-list 110 deny ip any 172.16.0.0 0.15.255.255 log >> > access-list 110 deny ip any 172.31.0.0 0.0.255.255 log >> >> Is it me? Isn't the second network in each a subset of the first? >> > Now that I re-read your question, I see what you are saying...You are > correct. Um, unless I'm not yet fully caffeinated: 172.16.0.0 0.15.255.255 matches 176.16.0.0 - 176.30.255.255 172.31.0.0 0.0.255.255 matches 176.31.0.0 - 176.31.255.255 No overlap at all. -wfs To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message