more annoying questions, before i head out for the day: 1) is there anything meaningful about some sample address filter clauses i've seen that read "-s 0/0" or "-d 0/0"? doesn't this just mean no filtering on either source or destination? is there any value to these matches other than making it explicitly clear that no address filtering is being done? 2) in all of the docs i've read, the claim is that port matching is an implicit match within either UDP or TCP matching and that you *must* specify a protocol before you're allowed to specify ports. however, i've certainly seen and used rules that refer to a port or ports without first specifying a protocol. is the documentation just misleading here? rday
