curious about address specification and port specification


 



On Wednesday 09 October 2002 12:14 pm, Robert P. J. Day wrote:

>   more annoying questions, before i head out for the day:
>
> 1) is there anything meaningful about some sample address filter
>    clauses i've seen that read "-s 0/0" or "-d 0/0"?

No, this is not meaningful, and in my opinion should be removed from rules 
because it only clutters them up and serves to confuse people about what it 
might mean.

>    doesn't
>    this just mean no filtering on either source or destination?
>    is there any value to these matches other than making it
>    explicitly clear that no address filtering is being done?

No.   -s 0/0 means "any source", and -d 0/0 means "any destination".

> 2) in all of the docs i've read, the claim is that port matching is
>    an implicit match within either UDP or TCP matching and that you
>    *must* specify a protocol before you're allowed to specify ports.

This is correct.   The --dport or --sport options are invalid without also 
specifying -p tcp or -p udp.

>    however, i've certainly seen and used rules that refer to a port
>    or ports without first specifying a protocol.  is the documentation
>    just misleading here?

Can you give an example of a rule which works, and which specifies a port but 
not a protocol?

Antony.

-- 

Which part of 'apt-get dist-upgrade' do you not understand ???
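
The two points in the reply above, turned into a small rule-set check. This is an added example, not part of the original message or of iptables itself: lint_rule and the sample rules are constructed for illustration, and it only covers the plain --sport/--dport options with the tcp/udp requirement as stated in the reply.

```python
import shlex

ANY_ADDR = {"0/0", "0.0.0.0/0"}            # both spell "any address"
ADDR_OPTS = {"-s", "--source", "-d", "--destination"}
PORT_OPTS = {"--sport", "--source-port", "--dport", "--destination-port"}
PORT_PROTOCOLS = {"tcp", "udp"}            # as stated in the reply above
PROTO_NUMBERS = {"6": "tcp", "17": "udp"}  # -p also accepts protocol numbers


def lint_rule(rule):
    """Return a list of findings for one iptables command line."""
    tokens = shlex.split(rule)
    findings = []
    proto = None
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ("-p", "--protocol") and nxt:
            proto = PROTO_NUMBERS.get(nxt, nxt.lower())
        elif tok in ADDR_OPTS and nxt in ANY_ADDR:
            # "! -s 0/0" is a negation, not an "any" match, so skip it.
            if not (i > 0 and tokens[i - 1] == "!"):
                findings.append(f"redundant: {tok} {nxt} matches any address")
    # Port options are checked after the scan so that the order of
    # -p and --dport on the command line does not matter to the lint.
    for tok in tokens:
        if tok in PORT_OPTS and proto not in PORT_PROTOCOLS:
            findings.append(f"invalid: {tok} needs -p tcp or -p udp")
    return findings


# Constructed sample rules, not taken from the thread.
SAMPLE_RULES = [
    "iptables -A INPUT -s 0/0 -d 0/0 -p tcp --dport 22 -j ACCEPT",
    "iptables -A INPUT --dport 80 -j ACCEPT",
    "iptables -A INPUT -p udp --sport 53 -j ACCEPT",
    "iptables -A INPUT -p 6 --dport 25 -j ACCEPT",
]

if __name__ == "__main__":
    for rule in SAMPLE_RULES:
        print(rule)
        for finding in lint_rule(rule) or ["ok"]:
            print("   ", finding)
```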


