> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of
> Pascal Hambourg
> Sent: Saturday, June 10, 2006 3:34 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Re: can i have boolean OR between multiple addresses
> in iptables expression?
>
> I think that using a user defined chain is not only a matter of
> obviousness, in some case the result may be different from using two
> separate rules. For example :
>
> iptables -A INPUT -s 127.0.0.1 -m limit -j ACCEPT
> iptables -A INPUT -s 172.16.0.0/24 -m limit -j ACCEPT
>
> and :
>
> iptables -A INPUT -s 127.0.0.1 -j user_chain
> iptables -A INPUT -s 172.16.0.0/24 -j user_chain
> iptables -A user_chain -m limit -j ACCEPT
>
> behave differently because, if I understand correctly, each 'limit'
> match has its own counters and timers. Am I right ?

Absolutely. You do have to be certain to 'play computer' correctly when
you write the rules. Know that each rule is an AND and apply OR's
correctly with judicious use of the -j ACCEPT target.

---
Pablo Sanchez - Blueoak Database Engineering, Inc
Ph: 819.459.1926
Toll free: 888.459.1926
Cell: 819.918.9731
Pgr: pablo_p@xxxxxxxxxxxxx
Fax: 603.720.7723 (US)
Fax: 514.371.1255 (Canada)
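
The difference discussed in this thread, as an added example that is not part of the original messages: a small Python model that walks constructed packets through both rule sets, giving each `-m limit` instance its own token bucket. The `LimitMatch` class is a simplified stand-in for the kernel match (assumed defaults 3/hour, burst 5), and the source address 172.16.0.7 and the packet timing are made up for the illustration.

```python
from ipaddress import ip_address, ip_network

class LimitMatch:
    """Simplified token bucket standing in for one '-m limit' match instance."""
    def __init__(self, per_hour=3, burst=5):      # iptables defaults: 3/hour, burst 5
        self.rate = per_hour / 3600.0
        self.burst = burst
        self.tokens, self.last = float(burst), 0.0

    def matches(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False                               # no token: rule does not match

def accepted(chains, packets):
    """Walk each (time, src) packet through INPUT; return ACCEPT count per source."""
    def walk(chain, src, now):
        for net, limit, target in chains[chain]:
            if net and ip_address(src) not in ip_network(net):
                continue                           # -s is tested before -m limit
            if limit and not limit.matches(now):
                continue
            if target == "ACCEPT" or walk(target, src, now):
                return True
        return False                               # fell off the end of the chain
    counts = {}
    for now, src in packets:
        counts[src] = counts.get(src, 0) + (1 if walk("INPUT", src, now) else 0)
    return counts

def separate_rules():                              # first rule set in the thread
    return {"INPUT": [("127.0.0.1/32", LimitMatch(), "ACCEPT"),
                      ("172.16.0.0/24", LimitMatch(), "ACCEPT")]}

def shared_chain():                                # second rule set (user_chain)
    return {"INPUT": [("127.0.0.1/32", None, "user_chain"),
                      ("172.16.0.0/24", None, "user_chain")],
            "user_chain": [(None, LimitMatch(), "ACCEPT")]}

# Constructed traffic: 10 packets per source, interleaved one second apart.
PACKETS = [(float(t), "127.0.0.1" if t % 2 == 0 else "172.16.0.7") for t in range(20)]

if __name__ == "__main__":
    print("separate rules:", accepted(separate_rules(), PACKETS))
    print("shared chain:  ", accepted(shared_chain(), PACKETS))
```

With separate rules each source gets its own burst allowance; with the shared chain both sources draw from one bucket, so one busy source can use up the allowance of the other.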