On Monday 2011-10-24 12:48, Sergey Naumov wrote: >Hello. > >I would like to ask whether > >iptables -A CHAIN -p tcp -m ecn --ecn-tcp-cwr --ecn-tcp-ece -m ecn >--ecn-ip-ect 1 -m ecn --ecn-ip-ect 2 -j ACTION > >will work as >1) filter by tcp options >2) filter by tcp options and ecn-ip-ect 2 >3) filter by only ecn-ip-ect 2 >4) filter by tcp options AND (ecn-ip-ect 1 OR ecn-ip-ect 2) >5) some other behavior > >the 4-th variant is desirable (the goal is to be able to specify all >desirable options in one rule, or I have to split filtering by ect1 >and ect2 on two different rules?). > >Unfortunately, it is unclear from the manual. Since rules are generally combined in ORed, it only makes sense for matches to be ANDed (and submatch parts to be ORed at times). -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
