>> >>> all is it possible to write a single rule that match source IP or >>> destination IP. >> >> It is possible. > >With the "u32" match, I suppose ? Ah the language. A linguistic or/and is not the same as a logical OR/AND. Parenthesis are required in doubt. It is possible to write a single rule that matches either src _or_ dst, _or_ both src addr and dst. Confusion complete! u32 does not change that fact. Since rules themselves are ORed so to speak, there is few reason to do the same between matches (short of deeper match logic). It is called disjunctive normal form. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
