If this flag is set, counters are updated when elements (not necessarily rules) match, and before rule match is evaluated as a whole. Signed-off-by: Stefano Brivio <sbrivio@xxxxxxxxxx> --- extensions/libxt_set.man | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/extensions/libxt_set.man b/extensions/libxt_set.man index 451400dc..fb5411be 100644 --- a/extensions/libxt_set.man +++ b/extensions/libxt_set.man @@ -27,9 +27,17 @@ byte counters of the matching element in the set won't be updated. By default, packet and byte counters are updated if the \fIrule\fP matches. .IP -Note that a rule might not match (hence, counters won't be updated) -even if a set element matches, depending on further options described -below. +Note that a rule might not match even if a set element matches, +depending on further options described below, hence counters won't be +updated unless the \fB\-\-update\-counters-first\fP option is given. +.TP +\fB\-\-update\-counters-first\fP +Update counters before evaluating options that might affect rule +matching: counters are updated whenever a set element matches, and +counter comparison options described below are evaluated against the +resulting counter values. +.IP +This is mutually exclusive with \fB!\fP \fB\-\-update\-counters\fP. .TP \fB!\fP \fB\-\-update\-subcounters\fP If the \fB\-\-update\-subcounters\fP flag is negated, then the packet and -- 2.24.1
