path: root/
diff options
authorMichael Granzow <>2009-04-09 18:24:36 +0100
committerJan Engelhardt <>2009-06-26 21:13:06 +0200
commit332e4acc574e3a348fe611d55bf642de0d50fbda (patch)
treeef8f4188c26905ca0bffde5b77eac6614b5bfc83 /
parentf9bf812aed50949db584cdf93752193c802fefcb (diff)
iptables: accept multiple IP address specifications for -s, -d
libiptc already supports adding and deleting multiple rules with different addresses, so it only needs to be wired up to the options. # ip6tables -I INPUT -s 2001:db8::d,2001:db8::e -j DROP References: Adjustments made: syntax, removal of unneeded variables, manpage adjustment, soversion bump. Signed-off-by: Jan Engelhardt <>
Diffstat (limited to '')
1 files changed, 5 insertions, 2 deletions
diff --git a/ b/
index 10dcb734..14fc23ad 100644
--- a/
+++ b/
@@ -236,7 +236,7 @@ Protocol \fBall\fP
will match with all protocols and is taken as default when this
option is omitted.
-[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-s\fP, \fB\-\-source\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
Source specification. \fIAddress\fP
can be either a network name, a hostname (please note that specifying
any name to be resolved with a remote query such as DNS is a really bad idea),
@@ -247,8 +247,11 @@ specifying the number of 1's at the left side of the network mask.
Thus, a mask of \fI24\fP is equivalent to \fI255.255.255.0\fP.
A "!" argument before the address specification inverts the sense of
the address. The flag \fB\-\-src\fP is an alias for this option.
+Multiple addresses can be specified, but this will \fBexpand to multiple
+rules\fP (when adding with \-A), or will cause multiple rules to be
+deleted (with \-D).
-[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP]
+[\fB!\fP] \fB\-d\fP, \fB\-\-destination\fP \fIaddress\fP[\fB/\fP\fImask\fP][\fB,\fP\fI...\fP]
Destination specification.
See the description of the \fB\-s\fP
(source) flag for a detailed description of the syntax. The flag