>I have been reading ipset from http://ipset.netfilter.org/features.html
>quite a few times but still do not understand what it means
>by this:
>
>    iptables -A FORWARD -m set --set servers dst,dst -j ACCEPT
>
>My question is why the flag is dst,dst?
>
>And similarly what is the significance if it is src,dst?
>What if it is src,dst,dst and so on?

Gosh, I think something suddenly sparked in my mind, I think I understand it now.

The number of flags ties to the bindings, i.e. in this example it is ip->port, then dst,dst would mean check the destination IP and the destination port.

Had the flags been src,dst, then it is checking the source IP and destination port.

I hope my understanding is correct. Perhaps the docs should explain it more clearly.

Cheers.
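
The reading of the flags given in the reply above, as a small Python model added here (it is not ipset's code and not part of the original message): each comma-separated flag selects the source or destination field of the packet for the corresponding position of a set element. The `Packet` type, the addresses, the set contents and the three-position case (a generalization beyond the ip->port example) are constructed for illustration; the model requires exactly one flag per position and does not model what ipset does on a mismatch.

```python
from collections import namedtuple

# Constructed packet model: only the fields a set match would look at.
Packet = namedtuple("Packet", "src_ip dst_ip src_port dst_port")

def lookup_key(packet, dims, flags):
    """Build the tuple that is looked up in the set.

    dims  -- what each position of a set element holds, e.g. ("ip", "port")
    flags -- one src/dst direction per position, e.g. "dst,dst"
    """
    directions = flags.split(",")
    if len(directions) != len(dims):
        # Model assumption: insist on one flag per position.
        raise ValueError("need exactly one src/dst flag per set position")
    key = []
    for kind, direction in zip(dims, directions):
        if direction not in ("src", "dst"):
            raise ValueError("flag must be src or dst, got %r" % direction)
        if kind not in ("ip", "port"):
            raise ValueError("unknown position kind %r" % kind)
        # "dst" + "ip" reads packet.dst_ip, "src" + "port" reads packet.src_port
        key.append(getattr(packet, direction + "_" + kind))
    return tuple(key)

def set_match(packet, members, dims, flags):
    """True if the key selected by the flags is a member of the set."""
    return lookup_key(packet, dims, flags) in members

# Constructed sample data (documentation address ranges).
SERVERS = {("192.0.2.10", 80), ("192.0.2.11", 25)}   # elements are (ip, port)
IP_PORT = ("ip", "port")

REQUEST = Packet("198.51.100.7", "192.0.2.10", 40000, 80)   # client -> server
REPLY = Packet("192.0.2.10", "198.51.100.7", 80, 40000)     # server -> client

# Three-position set, elements are (client ip, port, server ip).
PAIRS = {("198.51.100.7", 80, "192.0.2.10")}
IP_PORT_IP = ("ip", "port", "ip")

if __name__ == "__main__":
    for flags in ("dst,dst", "src,dst", "src,src"):
        print(flags, "request:", set_match(REQUEST, SERVERS, IP_PORT, flags),
              "reply:", set_match(REPLY, SERVERS, IP_PORT, flags))
    print("src,dst,dst request:",
          set_match(REQUEST, PAIRS, IP_PORT_IP, "src,dst,dst"))
```

With `dst,dst` only traffic towards a listed server address and port matches; `src,src` matches the replies coming back from it, and `src,dst` mixes the sender's address with the destination port.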