-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
A single table is surely shorter, but TBH I'm not sure if it's clearer.
Some rules needs to be duplicated for v4 and v6, some don't. IMO the main
advantage of the single table approach is purely port-based rules (UDP
or TCP), but the default firewall doesn't have many of them. They may be
relevant for custom-input chain (but not always - sometimes you might
want to use IP address in those too), and rarely for custom-forward.
In any case, changing it now is not an option. It would mean changing
the API for custom rules, which was a huge pain for users migrating to
R4.2, and we are not going to do that _again_ now.
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmYBY80ACgkQ24/THMrX
1yzebgf/dkFXbsl7FYfgeqPEJTZ/HMPWieXum7vI06FpuLlHncPMhbJ833prtAvK
CIZF/iEEOsngyiGT0VaH45NO3H4QBDftikwDQ3eB91+qJ792zcmaiuOj9LYStka4
XdsMhCbZsH8PeVfU36z7DGlZZ0lay1dAgqH4lVYu+LAA55mNFB6CqHLKq/APnrk9
Iopuz8m7AA8yEQ4lrAvYtFY3OpKQpKv0VZhDTtrILj0io7JdTzWNAbD0EFJmr7po
YW3j+kuRCTEUK0c4wD00mU5ZAytEdjgZuKQSTnfbEbrzOxSOvY+6E5a4B+SnqA0D
BciowS1par9BQDTZUsKnYPUIa0qySg==
=CtoI
-----END PGP SIGNATURE-----