I traced that behavior to host_to_ipaddr function in libxtables/xtables.c "--source <hostname>" will match all the IP addresses of hostname. Same thing for --destination
The problem is that gethostbyname("localhost") returns two results: 127.0.0.1
and 127.0.0.1 (yes, the same thing).
So this might be a bug in libc
--source localhost --destination localhost wrongly yields 2x2 = 4 combination
of addresses
signature.asc
Description: This is a digitally signed message part.
