On Tue, Mar 15, 2011 at 03:13, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxxxxxx> wrote:
> On Tue, 15 Mar 2011, Pandu Poluan wrote:
>
>> A question's been bugging me since this evening:
>>
>> Do I need to specify -p tcp|udp if I want to match against an IP set
>> of type ipporthash?
>>
>> Or, in other words, can I just write a rule like `iptables -A FORWARD
>> -m set --match-set SetName dst,dst -j ACCEPT` ?
>
> The port is stored together with the protocol, so you should not specify the
> protocol in the iptables rules. Unless you want to match a subset of the
> set, selected by the protocol.
>
> Best regards,
> Jozsef

Ahh, thanks for the explanation!

So, the ipporthash implicitly will only be applied to port-using protocols, e.g., TCP and UDP.

What about SCTP's port? Will ipporthash also match against SCTP's ports?

Rgds,
--
Pandu E Poluan
~ IT Optimizer ~