> Just look at the firs range in that file: with the first octet anonymized, > it's > > a test 10.0.1.0-10.0.3.255 > > However that's identical with two networks, 10.0.1.0/24 and 10.0.2.0/23, > thus two set members. So the command above is equivalent with > > a test 10.0.1.0/24 > a test 10.0.2.0/23 Yeah, I understand it now - I think I need to allow for some more leverage when defining maxelem. Thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
