Hi,

In the manual of iptables there is nothing about the mask value of an interface. + sign at the end of a few characters of an interface means any interface which begins with this name will match.

Again what I wonder is the why iniface_mask value is used???

thanks,
Ozgur AKAN

---------------------------------------------------------------------

-i, --in-interface [!] [name]

Optional name of an interface via which a packet is received (for packets entering the INPUT, FORWARD and PREROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, the string "+" is assumed, which will match with any interface name.

-o, --out-interface [!] [name]

Optional name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). When the "!" argument is used before the interface name, the sense is inverted. If the interface name ends in a "+", then any interface which begins with this name will match. If this option is omitted, the string "+" is assumed, which will match with any interface name.

------------------------------------------------------------------------