What you wrote was:
You:> What I have suggested to you was that you allow in/out to be
You:> *entered*, as input, in a list:set (i.e. in the iptables statement),
You:> but treated internally in the same way as src/dst ('in' to be
You:> treated internally as 'src', 'out' as 'dst' obviously). In that way,
You:> there won't be any discrepancies and the results from both
You:> "solutions" will be the same. In other words (using the example you
You:> gave earlier), typing:
You:>
You:> -bash-~# iptables -A INPUT -m set --match-set list1 src,in -j ACCEPT
You:>
You:> and
You:>
You:> -bash-~# iptables -A INPUT -m set --match-set list1 src,src -j ACCEPT
You:>
You:> to be both accepted and 'in', as *entered* above, to be interpreted
You:> in the same way as 'src'. That way there won't be any "different"
You:> results.
So if list1 contains a hash:ip,port type alone, the rule
iptables -A INPUT -m set --match-set list1 src,in -j ACCEPT
is perfectly fine and logical. We circled again and I'm fed up.
So? I fail to see where I have contradicted myself (if that was indeed
your intention to show me when you sent the above) or how the above is
wrong, but please feel free to elaborate if you so wish.
You keep banging on about "send me the patches according to solution a", but
you are unwilling or unable to address the consequences of this and the issues
I raised in this regard. Once this is done and I am convinced that this is the
way to go, I'll send you the new patches.
This isn't some sort of Stalin-like republic where you can just order me to
"send you the patches" and I do as I am told, OK? This is a free forum where
we, as peers, are allowed to discuss these issues. If you are unable to hold
to your arguments after I shot them to pieces, do you think that by ordering
me to "send you the patches" I am going to concede and do as I am told?
Or do you think that just because you've written parts of the ipset code you
could just order me to "send you the patches" I'll bow my head and say "yes,
sir, I'll do it sir, right away sir"? Really? Get a grip of yourself Jozsef!
Stop this, now. I don't tolerate your style anymore.
Stop what now? If I think that you've overstepped the mark by giving me
orders to "send you the patches" instead of supporting your own
viewpoints and arguments when I challenge them, I'll pull you up on it
as I did with my post above.
I don't care what you do. I accept patches which I believe fit fine into
the current system.
As I already pointed out, if you present your points and you are not
prepared to be challenged by others (particularly if there is some
disagreement, as is the case here), then you are in the wrong place I am
afraid.
I clearly disagree with your view to prevent in/out being used in
list:set (one reason I asked you to let me know what do you think in/out
is - I am yet to receive a response from you on that), given that
hash:net,iface could be a member of that set and also given the fact
that in/out is used there.
As soon as I start asking questions and digging up holes in your
arguments, you revert to type and I either get a response like "I've had
enough", "I am fed up" or, as above, I am given orders to submit those
patches regardless.
That is not how it works and you should know better - the last time I
checked, this is a forum for discussion among peers, not some sort of
totalitarian setup where someone starts barking orders and others follow
in line - this is precisely what I meant with my post above.
Again, if you make your view points, you should be prepared those views
to be challenged, particularly if there is a disagreement, and not hide
away and start giving orders for others to follow. I hope I have made
myself clear.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
