> To allow a nfobject to be incremented unconditionally, you may
> follow the closing parenthesis with '!' (e.g., NFACCT(all)!). When
> '!' is omitted, the object is incremented only if all of the rule's
> matches succeed.
>
> "!" is useful in the following rule:
>
> NFACCT(all) - +fooset[src] +barset[dst](foobar)
>
> In this rule, the 'all' nfacc counter is incremented
> unconditionally while the foobar counter is only incremented if
> the packet SOURCE address is in fooset and the DEST address is in
> barset.
>

I have been wrecking my head to see whether "!" makes any sense in nfacct objects used in ipsets (i.e. "(foobar)!" in your example above) and can't think of any - the set match order is always the same regardless of whether I use "!" or not. In your example above it doesn't make any difference whether I use "(foobar)" or "(foobar)!" - the end result is exactly the same.
_______________________________________________
Shorewall-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-devel
