Hi Jan,

Jan Engelhardt wrote:
> From: Michael Granzow <mgranzow@xxxxxxxx>
>
> libiptc already supports adding and deleting multiple rules with
> different addresses, so it only needs to be wired up to the options.
>
> # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
>
> References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2

I think this is handy for users so I can find it useful. The only
concern that I have with this is that it changes the existing 1:1
mapping between commands and iptables rules. I mean, people may get
confused because of this "rule expansion" feature, they may think that
we natively support layer 3 address sets? Probably it's a matter of
documenting this. I'd like to know what Patrick thinks about this
anyway.

Just a minor nitpick:

> +Multiple addresses can be specified when, but this will \fBreplicate\fP the
                                       ^^^^
This sentence is incomplete? I suggest referring to the rule expansion
feature.

> +rule (when adding with \-A), or will cause multiple rules to be
> +deleted (with \-D).

-- 
"Honest people are social misfits" -- Les Luthiers
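
Review bot: the added man-page text names only \-A and \-D, while the commit message's own example uses \-I ("ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP"), so the parenthetical "(when adding with \-A)" should also say whether inserting with \-I replicates the rule. In the first added line, "can be specified when, but" has no clause after "when", so the condition under which multiple addresses are accepted is never stated. Since one command now yields several rules, the text should say outright that each listed address produces its own separate rule, so that readers do not take the comma-separated list for a single rule matching a set of addresses.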