Hello list,

Does iptables do short circuit evaluation?

Let me try to explain. I now have:

    iptables -A chain -m recent --name evil \
        --seconds 900 --hitcount 15 -j block
    iptables -A block -m recent --name block --set

If iptables does short circuit evaluation and it does this reliably
(i.e. by design/documented/will not change without warning), then I can
replace this with:

    iptables -A chain -m recent --name evil \
        --seconds 900 --hitcount 15 \
        -m recent --name block --set

(Which is much harder to read, so much safer. HHOK ;)

Best regards,
Valentijn
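
Why the evaluation order matters for the two rule forms above, shown as an added toy model in Python (not part of the original post and not netfilter code; it does not state which behaviour iptables has). The names `RecentLists`, `rule_matches` and `run`, the read-only treatment of the threshold check, and the sample sources are all assumptions made for illustration.

```python
# Added illustration: a toy model of match evaluation, not netfilter code.
import collections

class RecentLists:
    """Per-name lists of source -> hit timestamps, loosely modelled on -m recent."""
    def __init__(self):
        self.lists = collections.defaultdict(lambda: collections.defaultdict(list))

    def check_match(self, name, seconds, hitcount):
        # Assumption: the threshold test only reads the list, it never updates it.
        def match(src, now):
            hits = [t for t in self.lists[name][src] if now - t <= seconds]
            return len(hits) >= hitcount
        return match

    def set_match(self, name):
        # Side effect: record the source on the list; always matches.
        def match(src, now):
            self.lists[name][src].append(now)
            return True
        return match

def rule_matches(matches, src, now, short_circuit):
    if short_circuit:
        return all(m(src, now) for m in matches)   # stops at the first False
    return all([m(src, now) for m in matches])     # runs every match, then ANDs

def run(form, short_circuit):
    """Return the set of sources that end up on the 'block' list."""
    r = RecentLists()
    # Constructed sample state: 'noisy' has 15 recent hits on 'evil', 'quiet' has 1.
    r.lists["evil"]["noisy"] = list(range(100, 115))
    r.lists["evil"]["quiet"] = [100]
    check = r.check_match("evil", seconds=900, hitcount=15)
    set_block = r.set_match("block")
    for src in ("noisy", "quiet"):
        if form == "two-rule":
            # chain: threshold check, then jump to the block chain that does --set
            if rule_matches([check], src, 200, short_circuit):
                rule_matches([set_block], src, 200, short_circuit)
        else:
            # combined: both matches on a single rule
            rule_matches([check, set_block], src, 200, short_circuit)
    return set(r.lists["block"])
```

In this model the two-rule form gives the same block list under either evaluation strategy, while the combined form only matches it when evaluation stops at the first failing match; otherwise every source is added to the block list.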