On 10/05/2010 11:42 AM, Mr Dash Four wrote: > >>>>>> !+[ip-map,port-map] means that the packet does not match both sets (but >>>>>> it may match one of the two sets). >>>>>> >>>>>> +[!ip-map,!port-map] means that the packet does not match either set. >>>>>> >>>>>> >>>>>> >>>>> You are right. Come to think of it, when I do not have exclusion (!), >>>>> the comma symbol (,) between sets in brackets indicates logical AND (in >>>>> other words, to have a packet match all sets specified in the brackets >>>>> must also match), so following this: >>>>> >>>>> !+[ipset1,ipset2...ipsetN] should be interpreted as NOT (ipset1 AND >>>>> ipset2 AND ... ipsetN), which is the same as ipset1 OR ipset2 OR ... >>>>> ipsetN - in other words match in either set produces a packet match. >>>>> >>>>> Similarly +[!ipset1,!ipset2...!ipsetN) should be interpreted as (NOT >>>>> ipset1) AND (NOT ipset2) ... AND (NOT ipsetN), which is the same as NOT >>>>> (ipset1 OR ipset2 OR ... ipsetN) - in other words match in either set >>>>> does NOT produce a packet match. >>>>> >>>>> Does your patch reflects the above logic or should I refrain from >>>>> applying it until you fix this? >>>>> >>>>> >>>> What I wrote reflects the patch I sent. >>>> >>>> >>> What does that mean exactly? >>> >> >> It means that the patch works the way that I described, not the way that >> you described. >> > Could you describe it in a way that us, simple-minded, could understand > please, as I am struggling with the cryptic one-liners you use in your > 'description' (god forbid if you put that in a man page)? I tried to > explain what I thought was a logical set of rules this to be built upon, > but that, I see, went way over your head.
Please forget the &^%$ patch. You will get my code when it is ready. -Tom -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Beautiful is writing same markup. Internet Explorer 9 supports standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. Spend less time writing and rewriting code and more time creating great experiences on the web. Be a part of the beta today. http://p.sf.net/sfu/beautyoftheweb
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
