On 4/22/13 4:31 PM, "Dash Four" <[email protected]> wrote:
>
>> To allow a nfobject to be incremented unconditionally, you may
>> follow the closing parenthesis with '!' (e.g., NFACCT(all)!). When
>> '!' is omitted, the object is incremented only if all of the rule's
>> matches succeed.
>>
>> "!" is useful in the following rule:
>>
>> NFACCT(all) - +fooset[src] +barset[dst](foobar)
>>
>> In this rule, the 'all' nfacc counter is incremented
>> unconditionally while the foobar counter is only incremented if
>> the packet SOURCE address is in fooset and the DEST address is in
>> barset.
>>
>I have been wrecking my head to see whether "!" makes any sense in
>nfacct objects used in ipsets (i.e. "(foobar)!" in your example above)
>and can't think of any - the set match order is always the same
>regardless of whether I use "!" or not. In your example above it doesn't
>make any difference whether I use "(foobar)" or "(foobar)!" - the end
>result is exactly the same.

Of course. In a SOURCE or DEST list, ! (without a preceding '.') signals
exclusion. So you have an empty exclusion list when you add '!'. I had no
intention of supporting the '!' any other way in the SOURCE and DEST
columns.

-Tom
You do not need a parachute to skydive. You only need a parachute to
skydive twice.
