Re: [PATCH 0/3] ipset: change 'iface' part in hash:net,iface set

[Mr Dash Four <mr.dash.four@googlemail.com>]

>>> with your patches in some cases 
>>> "src,in" == "src,src" or "src,in" != "src,src"
>>>   
>>>       
>> Could you provide me with an example please? I am intrigued!
>>     
>
> This is ridiculous, as if I haven't provided it countless times:
>
> iptables -A INPUT -m set --match-set list1 src,src -j ACCEPT
> iptables -A INPUT -m set --match-set list1 src,in -j ACCEPT
>   
Well, in the above example I fail to see where "src,in" == "src,src" - 
that is *never* the case!

>> So, in other words, what you are actually getting at, is that you wish to
>> restrict the use of 'in' and 'out' options only for hash:net,iface types
>> because you are not happy with the use of 'in'/'out' in any other set types,
>> list:set in particular? Have I understood this correctly then?
>>     
>
> That's a possible - probably the simplest - solution. It's OK for me.
>   
So, let me get this straight then: you wish 'in' and 'out' to be 
accepted as input (and I presume also displayed as well) *only* for 
hash:net,iface type of sets and rejected (possibly with an error) 
everywhere else?

In other words:
1. For hash:net,iface the possible options should be 'in', 'out', 'src' 
and 'dst'; and
2. For all other sets, including list:set the only available options 
should be 'src' and 'dst'. Have I understood this correctly then?