This is shorewall 4.4.8.
This command seems valid:

    shorewall logdrop 220.233.240.0/32

and I would expect the command to block the group of 256 addresses.
However, here is the rule actually created:

    [root@Server ~]# shorewall list | grep 220.233.240.0
    0 0 logdrop all -- * * 220.233.240.0 0.0.0.0/0
    [root@Server ~]#

While the synopsis says this

    shorewall [trace|debug [nolock]] [-options] logdrop address

the description speaks of addresses, plural, as so:

    logdrop
        Causes traffic from the listed addresses to be logged then discarded.
        Logging occurs at the log level specified by the BLACKLIST_LOGLEVEL
        setting in shorewall.conf[1] (5).

I wish to apply the rule to an entire network, and the alternatives - 256 rules,
and using iptables directly, are unattractive.
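
An added example, not part of the original post and not Shorewall code: a Python check that reads the rule line quoted above, reports how many source addresses it matches, and computes the CIDR block that spans 256 addresses from the same start. It assumes the listing follows the iptables numeric verbose column order, in which a /32 source is printed as a bare address; the function names are illustrative.

```python
import ipaddress

# Column order of an `iptables -L -n -v` rule line (assumed layout of the
# `shorewall list` output quoted in the post).
COLUMNS = ("pkts", "bytes", "target", "prot", "opt", "in", "out", "source", "destination")

# Rule line as quoted in the post.
POSTED_RULE = "0 0 logdrop all -- * * 220.233.240.0 0.0.0.0/0"


def parse_rule(line):
    """Split a rule line into named fields; source/destination become networks."""
    fields = line.split()
    if len(fields) < len(COLUMNS):
        raise ValueError("not a rule line: %r" % line)
    rule = dict(zip(COLUMNS, fields))
    for key in ("source", "destination"):
        # A bare address (no /mask) is a single host, i.e. a /32.
        rule[key] = ipaddress.ip_network(rule[key])
    return rule


def source_size(line):
    """Number of source addresses the rule matches."""
    return parse_rule(line)["source"].num_addresses


def rule_matches(line, addr):
    """True if a packet from addr would hit the rule's source match."""
    return ipaddress.ip_address(addr) in parse_rule(line)["source"]


def blocks_for(first, count):
    """CIDR blocks that exactly cover `count` addresses starting at `first`."""
    start = ipaddress.ip_address(first)
    last = start + (count - 1)
    return [str(n) for n in ipaddress.summarize_address_range(start, last)]


if __name__ == "__main__":
    print("addresses matched by posted rule:", source_size(POSTED_RULE))
    for addr in ("220.233.240.0", "220.233.240.77"):
        print(addr, "matched:", rule_matches(POSTED_RULE, addr))
    print("256 addresses from 220.233.240.0:", blocks_for("220.233.240.0", 256))
```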