You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following is accepted in the NPaaS/MOP and sent and accepted by OpenZITI controls. Subsequently, it seems accepted by the (at least) Swift version of the Ziti Edge Tunnel.
CIDR range services are accepted normally, however, a contiguous IP range seems to be accepted but not interpreted correctly.
The difference is 192.168.1.0/24 results in an interception range for the IPs that span from [192.168.1.0-192.168.1.255] (255 IPs). However, if you do not wish to expose an IP in that range (for instance, [192.168.1.1] which would correspond potentially to the router/firewall of the range) then you might want to use a range in the format [192.168.1.2-192.168.1.255]. The latter is a better method to exclude IPs in a range than calculating CIDR ranges that avoid it.
The BUG in this is that the range format X-Y seems to be accepted. Perhaps this is interpreted as a valid DNS record? The feature in this is that if range format is a capability, it would be highly useful for exclusion.
The text was updated successfully, but these errors were encountered:
Agree this is irritating, but will not fix. We validate "legal hostname", and this is a legal hostname. We auto-exclude OS/Ziti needed routes already. We have a separate issue to support explicit exclusion routes (see openziti/ziti-tunnel-sdk-c#855)
The following is accepted in the NPaaS/MOP and sent and accepted by OpenZITI controls. Subsequently, it seems accepted by the (at least) Swift version of the Ziti Edge Tunnel.
CIDR range services are accepted normally, however, a contiguous IP range seems to be accepted but not interpreted correctly.
The difference is 192.168.1.0/24 results in an interception range for the IPs that span from [192.168.1.0-192.168.1.255] (255 IPs). However, if you do not wish to expose an IP in that range (for instance, [192.168.1.1] which would correspond potentially to the router/firewall of the range) then you might want to use a range in the format [192.168.1.2-192.168.1.255]. The latter is a better method to exclude IPs in a range than calculating CIDR ranges that avoid it.
The BUG in this is that the range format X-Y seems to be accepted. Perhaps this is interpreted as a valid DNS record? The feature in this is that if range format is a capability, it would be highly useful for exclusion.
The text was updated successfully, but these errors were encountered: