On Monday 28 October 2002 11:33 am, Robert P. J. Day wrote:
> from the iptables man page, for both SNAT and DNAT targets,
> we have the (similar) excerpts:
>
> --to-{source|destination} ipaddr[-ipaddr][:port-port]
>
> which can specify a single new {source|destination} address,
> an inclusive range of IP addresses, and optionally, a
> port range (which is only valid if the rule also specified
> -p tcp or -p udp)
>
> so, what part of that requires the protocol specifier? having
> a range of IP addresses? or just having a port range? or both?
> it's somewhat ambiguously worded.
Only if you specify a port range.
The "is" inside the brackets refers to the "range" immediately before :-)
Antony.
--
All matter in the Universe can be placed into one of two categories:
1. things which need to be fixed
2. things which will need to be fixed once you've had a few minutes to play
with them
