> On Nov 25, 2016, at 7:21 PM, Bill Yuan <[email protected]> wrote: > > Hi Chuck, > > By default, the filters are joined with 'and'. and currently the 'or' can > join the filter which is same as previous one. > Right, so you can have an "or" for alternatives for the same filter field, like:
dst-port 22 or 80 But maybe not something like: dst-port 22 or src-port 22 I think I tried something like the above and it said "bad command". That's OK, additional rules can be added for more complicated matching. On the two alternative rulesets I posted earlier, any idea why they were not equivalent? The first worked (allowed access to the HTTP and SSH servers) and the second did not (neither service was accessible).
