Re: [PATCH 1/3] iptables: accept multiple IP address specifications for -s, -d

On Saturday 2009-06-06 08:53, Pablo Neira Ayuso wrote:
>> 
>> 	# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
>> 
>> References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2
>
>I think this is handy for users so I can find it useful.
>
>The only concern that I have with this is that it changes the existing
>1:1 mapping between commands and iptables rules. I mean, people may get
>confused because of this "rule expansion" feature, they may think that
>we natively support layer 3 address sets? Probably it's a matter of
>documenting this.

Hence:

>> +Multiple addresses can be specified when, but this will \fBreplicate\fP the
>                                       ^^^^
>This sentence is incomplete? I suggest to refer to the rule expansion
>feature.

Well, I think <b>replicate</b> hits the expansion pretty good.

>> +rule (when adding with \-A), or will cause multiple rules to be
>> +deleted (with \-D).
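
Review bot: the parenthetical in this added man-page text names only \-A and \-D, while the example quoted at the top of this thread uses \-I (`ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP`). Consider mentioning \-I as well, or wording it as "when adding or inserting", so the documented behaviour covers the command shown. Stating outright that each listed address produces its own rule would also answer the concern raised above that readers may assume native address-set support.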

I'll remove the 'when' in a rebase.