On Tuesday 2011-11-08 17:19, U.Mutlu wrote:

> sim@xxxxxxxxxxx wrote, On 2011-11-08 17:16:
>>> What's the effect of this rule on a multihomed box
>>> (the IPs below are just some examples, not real):
>>>
>>> iptables -A INPUT ! -d 1.2.3.4,2.3.4.5 -p all -j DROP
>>>
>>
>> the newest version of iptables says:
>>
>> iptables v1.4.12.1: ! not allowed with multiple source or destination IP
>> addresses
>
> Oh, one wonders why they did so...

Because it leads to a confusing result. ! -d a,b,c could be reasonably
interpreted as

	! -d a && ! -d b && ! -d c

but because using "," in -s/-d means a simple rule expansion, it actually
generates an equivalent of

	! -d a || ! -d b || ! -d c
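To make the expansion concrete, here is a small Python simulation (an added example, not code from the thread or from the iptables project). It models only destination-address matching and first-match chain traversal; the address list 1.2.3.4,2.3.4.5 is the constructed sample from the question. It shows why the old behaviour of "! -d a,b" dropped traffic to the box's own addresses, and contrasts it with the usual way to express the intent: one ACCEPT rule per local address and a DROP policy for everything else.

```python
# Added example (not from the netfilter thread): simulate how iptables expands
# a comma-separated -d list into one rule per address, and why a leading "!"
# therefore yields (! -d a) OR (! -d b) instead of "destination is neither".
# Pure Python; no netfilter or root privileges involved.

def expand(dst_list, negate, target):
    """Expand '[!] -d a,b,c -j TARGET' the way iptables does: one rule per
    address, each carrying the same negation flag and the same target."""
    return [(addr, negate, target) for addr in dst_list.split(",")]

def matches(packet_dst, rule):
    """Does a single expanded rule match this destination address?"""
    addr, negate, _ = rule
    hit = (packet_dst == addr)
    return (not hit) if negate else hit

def walk_chain(packet_dst, chain, policy="ACCEPT"):
    """First matching rule decides the verdict; otherwise the chain policy."""
    for rule in chain:
        if matches(packet_dst, rule):
            return rule[2]
    return policy

def intended_semantics(packet_dst, dst_list):
    """What the poster meant: drop only if dst is none of the listed addresses
    (the AND reading: ! -d a && ! -d b)."""
    return "DROP" if all(packet_dst != a for a in dst_list.split(",")) else "ACCEPT"

def expanded_semantics(packet_dst, dst_list):
    """What the expansion actually produces: drop if dst differs from ANY
    listed address (the OR reading: ! -d a || ! -d b)."""
    return "DROP" if any(packet_dst != a for a in dst_list.split(",")) else "ACCEPT"

# Constructed sample addresses, as in the question (not real hosts).
LOCAL = "1.2.3.4,2.3.4.5"

# The rule as written, as an old iptables would have expanded it.
negated_chain = expand(LOCAL, negate=True, target="DROP")

# The intent written without negation: whitelist local addresses, then a
# DROP policy catches everything else (iptables -P INPUT DROP).
whitelist_chain = expand(LOCAL, negate=False, target="ACCEPT")

if __name__ == "__main__":
    for dst in ("1.2.3.4", "2.3.4.5", "9.9.9.9"):
        print(dst,
              "negated-list:", walk_chain(dst, negated_chain),
              "| whitelist+DROP policy:", walk_chain(dst, whitelist_chain, policy="DROP"),
              "| intended:", intended_semantics(dst, LOCAL))
```

Traffic to 1.2.3.4 is dropped by the expanded rule set because the second generated rule, "! -d 2.3.4.5", matches it; only a packet addressed to both listed addresses at once could escape, which is impossible. The whitelist-plus-policy form (or an ipset lookup) gives the AND semantics the poster wanted, which is why refusing "!" on multi-address lists removes a foot-gun rather than a feature.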