Hi, Is it possible to match both source and destination from the same set. I have two networks: - 192.168.1.0/24 - 192.168.2.0/24 And I'd like to match packets going from one to another (the set can be bigger of course). Without ipset it would be: -A FORWARD -s 192.168.1.0/24 -d 192.168.2.0/24 -j ACCEPT However this won't work using ipset: -A FORWARD -m set --match-set mynets src,dst -j ACCEPT However, as stated in the man page match is done only on src and therefore this is not the behavior I was expecting. A part from listing each networks one by one, do you see any solution for that? -- Jimmy -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
