From: "Jozsef Kadlecsik" <kadlec@xxxxxxxxxxxxxxxxx>
>
> > I hope my understanding is correct. Perhaps the docs should explain it more
> > clearly.
>
> Yes, the docs are terse. Patches against the docs are (also) always
> welcomed.
>
If my understanding is correct ( which I am still not very sure at this moment ),
perhaps may I suggest the syntax be changed such that only one flag is
allowed ( and necessary ) and the value can be 'dst', 'src', or 'both' ?
eg,
iptables -A FORWARD -m set --set servers dst -j ACCEPT
iptables -A FORWARD -m set --set servers src -j ACCEPT
iptables -A FORWARD -m set --set servers both -j ACCEPT
or if the keyword 'both' is left out, it is then implied :-
iptables -A FORWARD -m set --set servers -j ACCEPT
The nature of relationship is that it will be hard to form a meaningful
relationship where the flags could be heterogeneous, so why don't
just implement a simplied syntax ?
Cheers
