> >> There is only one rule in my iptables, >> >> iptables -A INPUT -m set --match-set foo src,src -j ACCEPT > > That's the filter table. What about the other tables? nothing in any other table. raw mangle nat If entry in ipset is 0.0.0.0/0,eth0 then iptable rule is not matched. However, if entry in ipset is 0.0.0.0/1,eth0 and 128.0.0.0/1,eth0, then iptable rule is matched. -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
