Comment 4 for bug 1837339

Akihiro Motoki (amotoki) wrote :

Hi Stephen, is there any guideline on forms for CIDR?

I see several ways we can go:

(a) Only accept a network address (which means host parts of CIDR should be zero) (e.g. 10.56.133.0/24 is okay but 10.56.133.1/24 is bad.)
(b) Check 0.0.0.0 is specified only when a netmask is 0
(c) Keep the current behavior as-is (as users who maintain security groups should have minimum knowledge of CIDR)

If we improve the implementation, I prefer (a). (b) is not a generic approach. One minor concern on (a) is that an error message would be "A specified CIDR is not a network address" or something, and a naive user you mentioned cannot understand what the error message means :p

In addition, if we change the validation of CIDR, which forms should be improved?
I would like to have a more concrete list of such forms.

I think this is a wish-list (or low priority) security improvement.
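
An added illustration (not part of the comment above, and not Horizon's code) of how options (a) and (b) behave on the same inputs, using Python's standard `ipaddress` module. The function names, the sample CIDRs other than the two quoted in the comment, and the "did you mean" message wording are assumptions.

```python
import ipaddress


def check_network_address(cidr):
    """Option (a): accept only CIDRs whose host bits are all zero.

    Returns (ok, message). On a host-bits failure the message names the
    enclosing network, so the user sees what the rule would actually match.
    """
    try:
        ipaddress.ip_network(cidr, strict=True)
        return True, ""
    except ValueError:
        pass
    try:
        # strict=False masks the host bits instead of raising.
        net = ipaddress.ip_network(cidr, strict=False)
    except ValueError:
        return False, "not a valid CIDR"
    return False, f"host bits set; did you mean {net}?"


def check_zero_address(cidr):
    """Option (b): the all-zero address is allowed only with prefix length 0."""
    try:
        iface = ipaddress.ip_interface(cidr)
    except ValueError:
        return False
    return not (int(iface.ip) == 0 and iface.network.prefixlen != 0)


# Constructed sample inputs; the first two are the examples from the comment.
SAMPLES = [
    "10.56.133.0/24",
    "10.56.133.1/24",
    "0.0.0.0/0",
    "0.0.0.0/24",     # passes (a): it is a valid network address
    "10.56.133.1/0",  # passes (b), yet the prefix matches every address
    "::1/0",
]

if __name__ == "__main__":
    for cidr in SAMPLES:
        ok_a, msg = check_network_address(cidr)
        ok_b = check_zero_address(cidr)
        print(f"{cidr:16} (a)={ok_a!s:5} (b)={ok_b!s:5} {msg}")
```

The two checks are not interchangeable: `0.0.0.0/24` satisfies (a) but not (b), while `10.56.133.1/0` satisfies (b) but not (a).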