On Mon, 2004-09-06 at 04:28, Akolinare@xxxxxxx wrote:
> Hi,
>
> I have a little question with two negatived parameters in one rule.
>
> I create a rule, which should only match if source and destination are not
> the given. I think that it is easy and try the following rule:
>
> iptables -A FORWARD -s ! host1 -d ! host2 -j ACCEPT
>
> But with this rule packets from host1 to host3 (or from host2 to host3) were
> not affected. It seems like the logical combination is OR and not AND unlike
> the not negatived rule.
> I think that the rule is logically right. Is it a little bug or have I
> misunderstood something?
>
> I used the version 1.2.11 with kernel 2.4.26.
>
> Markus

a rule matches only when all the parameters are true. a packet from host1 does not match your example rule (it explicitly says "-s ! host1"), and this is how it should work.

consider the non-negative example:

  -A FORWARD -s host1 -d host2 -j ACCEPT

would you propose that a packet from host1 to host3 should match that rule? i don't think so...

in your example rule, as soon as the source is host1 or the destination is host2--the rule no longer matches.

-j

--
Jason Opperisano <opie@xxxxxxxxxxx>
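An added example, not part of the original message: a small Python model of the matching described in the reply, comparing the rule from the question with a two-rule form that accepts when either negation holds. The addresses, the DROP chain policy and all function names are assumptions made for the illustration.

```python
from ipaddress import ip_address, ip_network
from itertools import product

# Constructed sample addresses (documentation range) standing in for the thread's hosts.
HOSTS = {"host1": "192.0.2.1", "host2": "192.0.2.2", "host3": "192.0.2.3"}

def rule(target, src=None, dst=None):
    """Build a rule; src/dst are (host, negated) tuples, or None when the option is absent."""
    return {"src": src, "dst": dst, "target": target}

def _match_addr(spec, addr):
    if spec is None:                      # option absent: matches any address
        return True
    host, negated = spec
    hit = ip_address(addr) in ip_network(HOSTS[host])
    return hit != negated                 # '!' inverts this single match only

def rule_matches(r, src, dst):
    # Every match in a rule must be true: the options are ANDed.
    return _match_addr(r["src"], src) and _match_addr(r["dst"], dst)

def verdict(chain, src, dst, policy="DROP"):
    # First matching rule decides; otherwise the (assumed) chain policy applies.
    for r in chain:
        if rule_matches(r, src, dst):
            return r["target"]
    return policy

# The rule from the question: -s ! host1 -d ! host2 -j ACCEPT
single = [rule("ACCEPT", src=("host1", True), dst=("host2", True))]

# "Not host1 OR not host2" needs two rules, since rules in a chain are alternatives:
#   -s ! host1 -j ACCEPT
#   -d ! host2 -j ACCEPT
split = [rule("ACCEPT", src=("host1", True)), rule("ACCEPT", dst=("host2", True))]

def table(chain):
    """Verdict for every ordered pair of distinct hosts."""
    return {(s, d): verdict(chain, HOSTS[s], HOSTS[d])
            for s, d in product(HOSTS, repeat=2) if s != d}

if __name__ == "__main__":
    one, two = table(single), table(split)
    for (s, d), v in one.items():
        print(f"{s}->{d}: single={v:6} split={two[(s, d)]}")
```

Current iptables releases write the negation before the option (`! -s host1`); the matching logic is the same.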