why not generate the range syntax when port => 'start:end' is encountered in a rich rule?

[kenyapcomau]

Why not generate the single port element:

<port protocol="tcp" port="start-end"/>

instead of lots of port elements like:

<port protocol="tcp" port="start"/> ... <port protocol="tcp" port="end"/>

This is what the builtin rules use and it would make the iptables rules more compact.

Thanks.