A host IP address can be added to a security template either directly or indirectly. Direct assignment adds a host's IP address. Indirect assignment adds a range of IP addresses that includes the host. To match a particular host, the trusted network software first looks for the specific IP address. If the search does not find a specific entry for the host, it looks for the "longest prefix of matching bits". You can indirectly assign a host to a security template when the IP address of the host falls within the "longest prefix of matching bits" of an IP address with a fixed prefix length.
In IPv4, you can make an indirect assignment by subnet. When you make an indirect assignment by using 4, 3, 2, or 1 trailing zero (0) octets, the software calculates a prefix length of 0, 8, 16, or 24, respectively. For examples, see Figure 19, Table 19, Trusted Extensions Host Address and Fallback Mechanism Entries.
You can also set a fixed prefix length by adding a slash (/) followed by the number of fixed bits. IPv4 network addresses can have a prefix length between 1 – 32. IPv6 network addresses can have a prefix length between 1 – 128.
The following table provides fallback address and host address examples. If an address within the set of fallback addresses is directly assigned, the fallback mechanism is not used for that address.
Note that the 0.0.0.0/32 address matches the specific address, 0.0.0.0. By adding the 0.0.0.0/32 entry to a system's unlabeled security template, you enable hosts with the specific address, 0.0.0.0, to contact the system. For example, DHCP clients contact the DHCP server as 0.0.0.0 before the server provides the clients with an IP address.
To create a tnrhdb entry for an application that serves DHCP clients, see Example 41, Making the Host Address 0.0.0.0/32 a Valid Initial Address. The 0.0.0.0:admin_low network is the default entry in the admin_low unlabeled host template. Review How to Limit the Hosts That Can Be Contacted on the Trusted Network for security issues that would require changing this default.
For more information about prefix lengths in IPv4 and IPv6 addresses, see Obtaining IP Addresses for Your Network in Planning for Network Deployment in Oracle Solaris 11.4.