Pablo Neira Ayuso wrote:
Hi Jan,
Jan Engelhardt wrote:
From: Michael Granzow <mgranzow@xxxxxxxx>
libiptc already supports adding and deleting multiple rules with
different addresses, so it only needs to be wired up to the options.
# ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP
References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2
I think this is handy for users so I can find it useful.
The only concern that I have with this is that it changes the existing
1:1 mapping between commands and iptables rules. I mean, people may get
confused because of this "rule expansion" feature, they may think that
we natively support layer 3 address sets? Probably it's a matter of
documenting this.
I'd like to know what Patrick thinks about this anyway.
No objections besides that it's too large for this late in the cycle.