Le sam 29/03/2003 à 14:25, Peteris Krumins a écrit : > for example, i want to match anything marked from 1 (1b) to > 127 (1111111b), is it possible to do it using a mask? > > nfmark mask match > 1 & 127 = 1 > 77 & 127 = 77 To be valuable, a mask has to have some low bits to 0. If all mask's bits are set to 1, than it only matches the masked value... For your purpose, you have to use 128 (10000000b) as mask : 1 & 128 = 0 77 & 128 = 0 128 & 128 = 128 129 & 128 = 128 So, you match 0, with a 128 mask, which may be, I guess, something like "-m mark --mark 0/128". Note that 0 will also match. It is basicly the same system as netmasks. -- Cédric Blancher <blancher@xxxxxxxxxxxxxxxxxx> IT systems and networks security - Cartel Sécurité Phone : +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
