On Jan 20 2008 14:00, Patrick McHardy wrote: > > Another nitpick: we support masks for the addresses, ranges of ports > would be nice to have here as well. Well well why don't we just add address ranges too then :p Do we need it so badly? > I also don't think the protocol > check is very useful in this case since all conntrack entries contain > port numbers or something similar. Is IPv4-in-IPv4 or IPv6-in-IPv4 conntracked like UDP is? The protocol check is important though, because IPPROTO_GRE is _not_ included, since, it's not something that has a port. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
