On Fri, 6 Jul 2012, Mr Dash Four wrote:

> > Do you deliberately close your eyes? In the two rules
> >
> Explain the above comment please?

Are you deliberately deaf to the arguments?

> > iptables -A INPUT -m set --match-set list1 src,src -j ACCEPT
> > iptables -A INPUT -m set --match-set list1 src,in -j ACCEPT
> >
> > the underlying set types "decide" how to act to "src/in", when actually
> > "src" == "in". I hear you shouting: FOR HASH:NET,IFACE ONLY. Right. But
> > "list1" is a list type of set, not hash:net,iface. Still, the result is
> > different.
> >
> Whoever produces the above statements is making a conscious decision on
> what to use/deploy! I am repeating this for, I don't know, a third time
> maybe - what my patch series are offering is a choice. If you, or
> anybody else wishes to continue to use 'src' or 'dst' (including for
> interface matching), then so be it, you are completely free to do that -
> I am not forcing you, or anyone to do otherwise.

You want a choice to be introduced which leads to confusion - I'm
repeating it countless times and you just ignore it.

In order to prevent such confusions, I offered to let "in/out" be an alias
to "src/dst": accepted as input everywhere but printed/saved with
hash:net,iface only. You point blank refused it. Then come up with a
better solution than the submitted one.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
          H-1525 Budapest 114, POB. 49, Hungary