From 332e4acc574e3a348fe611d55bf642de0d50fbda Mon Sep 17 00:00:00 2001 From: Michael Granzow Date: Thu, 9 Apr 2009 18:24:36 +0100 Subject: iptables: accept multiple IP address specifications for -s, -d libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options. # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP References: http://marc.info/?l=netfilter-devel&m=123929790719202&w=2 Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump. Signed-off-by: Jan Engelhardt --- iptables.8.in | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'iptables.8.in') diff --git a/iptables.8.in b/iptables.8.in index 10dcb734..14fc23ad 100644 --- a/iptables.8.in +++ b/iptables.8.in @@ -236,7 +236,7 @@ Protocol \fBall\fP will match with all protocols and is taken as default when this option is omitted. .TP -[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP] +[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP] Source specification. \fIAddress\fP can be either a network name, a hostname (please note that specifying any name to be resolved with a remote query such as DNS is a really bad idea), @@ -247,8 +247,11 @@ specifying the number of 1's at the left side of the network mask. Thus, a mask of \fI24\fP is equivalent to \fI255.255.255.0\fP. A "!" argument before the address specification inverts the sense of the address. The flag \fB\-\-src\fP is an alias for this option. +Multiple addresses can be specified, but this will \fBexpand to multiple +rules\fP (when adding with \-A), or will cause multiple rules to be +deleted (with \-D). .TP -[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP] +[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP] Destination specification. See the description of the \fB\-s\fP (source) flag for a detailed description of the syntax. The flag -- cgit v1.2.3