>>> Depends on what you want. >>> >>> !+[ip-map,port-map] means that the packet does not match both sets (but >>> it may match one of the two sets). >>> >>> +[!ip-map,!port-map] means that the packet does not match either set. >>> >>> >> You are right. Come to think of it, when I do not have exclusion (!), >> the comma symbol (,) between sets in brackets indicates logical AND (in >> other words, to have a packet match all sets specified in the brackets >> must also match), so following this: >> >> !+[ipset1,ipset2...ipsetN] should be interpreted as NOT (ipset1 AND >> ipset2 AND ... ipsetN), which is the same as ipset1 OR ipset2 OR ... >> ipsetN - in other words match in either set produces a packet match. >> >> Similarly +[!ipset1,!ipset2...!ipsetN) should be interpreted as (NOT >> ipset1) AND (NOT ipset2) ... AND (NOT ipsetN), which is the same as NOT >> (ipset1 OR ipset2 OR ... ipsetN) - in other words match in either set >> does NOT produce a packet match. >> >> Does your patch reflects the above logic or should I refrain from >> applying it until you fix this? >> > > What I wrote reflects the patch I sent. > What does that mean exactly?
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
