[问题求助]iptables中set模块的使用 [复制链接]

set
       This modules macthes IP sets which can be defined by ipset(.http://upload.bbs.csuboy.com/Mon_1004/126_6824_31ffde71d54d97a.gif[/img]    外汇
       --set setname. flag[,flag...] where flags are src and/or dst and there can be no more than six o.f them. Hence the command iptables -A FORWARD -m set --set test src,dst will match packets, for which (depending .o.n. the type of the set) the  source address or port number of the packet can be found in the specified set. If there is a binding b.elonging to the mached set  eleme.nt  or  there  is a default binding for the given set, then the  rule  will  match  the  packet  only  i.f  additionally (depending  on  the  type of the set) the destination address or port num.ber of .the packet can be found in the set  a.ccor.d.ing  to. the binding..

上面这个是set模块的manual，没太看明白http://upload.bbs.csuboy.com/Mon_1004/126_6824_0b0a34ccc7cf0fd.gif[/img]http://upload.bbs.csuboy.com/Mon_1004/126_6824_0b0a34ccc7cf0fd.gif[/img]，具体在使用上：http://upload.bbs.csuboy.com/Mon_1004/126_6824_0b0a34ccc7cf0fd.gif[/img].
-m set --set user_ip src -j ACCEPT和-.m set -.-set user_ip dst -j ACCEPT很好理解，但是我.有看到-m set --.set user_ip sr.c,dst -j ACCEPT，还有-m set --set user_ip src,src -j ACCEPT这样的用法，这个就不明白了，有谁能指点一下？             电子