[Bug 3544] Support CIDR notation for host pattern matching
bugzilla-daemon at mindrot.org
Sun Mar 22 02:05:35 AEDT 2026
https://bugzilla.mindrot.org/show_bug.cgi?id=3544
--- Comment #6 from kyle at kyleo.net ---
If I'm understanding the concern correctly, it's closer to the original
concern in #2, which was roughly what does the lookup chain look like
when specified and if it resolves to an IP that matches and which Host
or Match does it match on.
In this case, I'm focusing only on expanding what the existing
glob matching is already doing. This adds a condition by looking for
and matching CIDR prefixes (which currently are only valid at network
boundaries, otherwise it fails silently, but realistically it shouldn't
matter, this is just a function of reusing the existing functions).
So it doesn't seem like it is any different from a workflow perspective
than the glob matching that already exists, just that it handles when CIDR
is provided instead. I would hazard a guess that CIDR matching is more
intuitive to most folks at this point (and likely, ultimately more
precise in practice, which seems better). Both matching mechanisms
operate purely on the literal string the user typed AFAICT, I could be
entirely wrong though.
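Added example, not part of the comment above and not code from the proposed patch or from OpenSSH: a sketch of the behaviour the comment describes, where a CIDR pattern and a glob pattern are both tested against the literal string the user typed, with no name resolution. The function names are hypothetical, only IPv4 is handled, and POSIX `fnmatch` stands in for the glob matcher.

```c
#include <arpa/inet.h>
#include <fnmatch.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: 1 = match, 0 = no match, -1 = pattern unusable as
 * CIDR (bad syntax, or host bits set, i.e. not on a network boundary). */
static int cidr_match_literal(const char *host, const char *pattern)
{
    char buf[INET_ADDRSTRLEN];
    const char *slash = strchr(pattern, '/');
    struct in_addr net, addr;
    char *end;
    long len;
    uint32_t mask;

    if (slash == NULL || (size_t)(slash - pattern) >= sizeof(buf))
        return -1;
    memcpy(buf, pattern, (size_t)(slash - pattern));
    buf[slash - pattern] = '\0';
    if (slash[1] < '0' || slash[1] > '9')
        return -1;
    len = strtol(slash + 1, &end, 10);
    if (*end != '\0' || len > 32 || inet_pton(AF_INET, buf, &net) != 1)
        return -1;
    mask = len == 0 ? 0 : htonl(0xffffffffu << (32 - len));
    if (net.s_addr & ~mask)
        return -1;      /* e.g. 10.1.2.3/16: not on a network boundary */
    if (inet_pton(AF_INET, host, &addr) != 1)
        return 0;       /* a name is compared as typed, never resolved */
    return (addr.s_addr & mask) == net.s_addr;
}

/* Stand-in for glob matching on the same literal string. */
static int glob_match_literal(const char *host, const char *pattern)
{
    return fnmatch(pattern, host, 0) == 0;
}

int main(void)
{
    /* Constructed sample inputs: typed host string, then pattern. */
    printf("cidr in range:     %d\n", cidr_match_literal("10.1.2.3", "10.1.0.0/16"));
    printf("cidr out of range: %d\n", cidr_match_literal("10.10.2.3", "10.1.0.0/16"));
    printf("glob over-match:   %d\n", glob_match_literal("10.10.2.3", "10.1*"));
    printf("cidr off boundary: %d\n", cidr_match_literal("10.1.2.3", "10.1.2.3/16"));
    return 0;
}
```

A caller that treats the -1 result as "no match" without reporting it reproduces the silent failure for prefixes that are not on a network boundary.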