Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > On Mon, Aug 03, 2015 at 04:04:46AM +0000, Kyeong Yoo wrote: > > I found this is useful for me to match multiple DSCP values in a rule. > > > > For example, if you want to handle traffic with a list of DSCP same way, > > instead of using this: > > > > -A FORWARD ...cond1... -m dscp --dscp-class AF11 -j TARGET > > -A FORWARD ...cond1... -m dscp --dscp-class AF21 -j TARGET > > -A FORWARD ...cond1... -m dscp --dscp-class AF31 -j TARGET > > -A FORWARD ...cond2... -m dscp --dscp 10 -j TARGET > > -A FORWARD ...cond2... -m dscp --dscp 20 -j TARGET > > > > you can use: > > > > -A FORWARD ...cond1... -m dscp --dscp-multi AF11,AF21,AF31 -j TARGET > > -A FORWARD ...cond2... -m dscp --dscp-multi 10,20 -j TARGET > > We support multiple matches in a rule for long time already: > > -A FORWARD ...cond1... -m dscp --dscp-class AF11 \ > -m dscp --dscp-class AF21 \ > -m dscp --dscp-class AF31 \ Yes, but that won't work since this is foo && bar, not foo || bar. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
