On Tue, 15 Mar 2011, Pandu Poluan wrote:

> A question's been bugging me since this evening:
>
> Do I need to specify -p tcp|udp if I want to match against an IP set
> of type ipporthash?
>
> Or, in other words, can I just write a rule like `iptables -A FORWARD
> -m set --match-set SetName dst,dst -j ACCEPT` ?

The port is stored together with the protocol, so you should not specify
the protocol in the iptables rules, unless you want to match a subset of
the set, selected by the protocol.

Best regards,
Jozsef
-
E-mail  : kadlec@xxxxxxxxxxxxxxxxx, kadlec@xxxxxxxxxxxx
PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
Address : KFKI Research Institute for Particle and Nuclear Physics
          H-1525 Budapest 114, POB. 49, Hungary