On Monday 2011-10-24 13:59, Sergey Naumov wrote: >> Since rules are generally combined in ORed, it only makes sense for >> matches to be ANDed (and submatch parts to be ORed at times). > >Yes, I understand, but because of logic of project that I develop it >is better to use 1 rule than to search places where I have to add >workarounds to generate 2 iptables rules from 1 user specified rule. >When I use multiple -m molude inclusions, are specified parameters >combined as OR, as AND or overrided? Like I said, AND. Otherwise, packets would be able to match -m statistic --mode random --probability 0 [-m something else]. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
