Jan Engelhardt wrote: > On Saturday 2009-06-06 08:53, Pablo Neira Ayuso wrote: >>> # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP >>> >>> References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2 >> I think this is handy for users so I can find it useful. >> >> The only concern that I have with this is that it changes the existing >> 1:1 mapping between commands and iptables rules. I mean, people may get >> confused because of this "rule expansion" feature, they may think that >> we natively support layer 3 address sets? Probably it's a matter of >> documenting this. > > Hence: > >>> +Multiple addresses can be specified when, but this will \fBreplicate\fP the >> ^^^^ >> This sentence is incomplete? I suggest to refer to the rule expansion >> feature. > > Well, I think <b>replicate</b> hits the expansion pretty good. To replicate means to make a copy, and this is not what this does. But, to be frank, I really don't care. -- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
