Add Comments to iptables Rules
By Scott Miller | 2014/06/03
Impress your boss and co-workers by using comments in your iptables rules. Here’s how it works!
What are iptables comments?
Comments appear as follows when in use. (Ex: /* allow SSH to this host from anywhere */ as seen below.)
$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */
ACCEPT udp -- anywhere anywhere udp dpt:route /* allow incoming RIP on the internal interface */
ACCEPT all -- localhost localhost /* allow any local-only traffic */
ACCEPT ipv6 -- tserv2.ash1.he.net anywhere /* allow IPv6 tunnel traffic from HE */
ACCEPT icmp -- anywhere anywhere /* allow ICMP traffic to this host from anywhere */
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
ACCEPT all -- anywhere anywhere /* allow all Internet bound traffic from the internal network */
ACCEPT icmp -- anywhere anywhere /* forward any ICMP traffic */
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Create comments with iptables rules
To add a comment to an iptables rule, load the comment match and pass the text to it: -m comment --comment "my cool text"
Here is a rule to allow ssh traffic with a comment added:
$ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT
This rule then appears as follows when listing the rules:
$ sudo iptables -L
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */
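Two small helpers, added here as an example and not part of the original post: accept_tcp_rule builds a rule command in the syntax shown above (rejecting comments that hit the 256-byte limit of the xt_comment match), and uncommented_rules audits an iptables -L listing and reports every rule that carries no comment, so undocumented rules stand out. The function names and the SAMPLE_LISTING are constructed for this example; the sample is trimmed from the listing shown earlier on this page.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical helpers for
# working with commented iptables rules; no root needed to run them.

# Emit the iptables command for an INPUT ACCEPT rule on a TCP port with a
# comment. xt_comment rejects comments of 256 bytes or more, so check first.
# Note: the comment is not escaped, so avoid embedding double quotes in it.
accept_tcp_rule() {
    port="$1"; comment="$2"
    if [ "${#comment}" -ge 256 ]; then
        echo "comment too long (${#comment} bytes, limit is 255)" >&2
        return 1
    fi
    printf 'iptables -A INPUT -p tcp -m tcp --dport %s -m comment --comment "%s" -j ACCEPT\n' \
        "$port" "$comment"
}

# Read `iptables -L` output on stdin and print "CHAIN: rule" for every rule
# line that has no /* ... */ comment. Chain headers, column headers and blank
# lines are skipped. Live use: sudo iptables -L | uncommented_rules
uncommented_rules() {
    awk '
        /^Chain /        { chain = $2; next }       # remember current chain
        /^target +prot/  { next }                   # skip column header
        NF == 0          { next }                   # skip blank lines
        !/\/\*.*\*\//    { print chain ": " $0 }    # rule without a comment
    '
}

# Constructed sample, trimmed from the listing shown on this page.
SAMPLE_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* allow established */
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */

Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT icmp -- anywhere anywhere /* forward any ICMP traffic */

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere'

# Number of uncommented rules in the sample; anything above 0 is a gap to fix.
count_uncommented() {
    printf '%s\n' "$SAMPLE_LISTING" | uncommented_rules | wc -l | tr -d ' '
}

# Stand-alone run: show the generated rule, then the audit of the sample.
accept_tcp_rule 22 "allow SSH to this host from anywhere"
printf '%s\n' "$SAMPLE_LISTING" | uncommented_rules
```

On the sample the audit flags two rules: the fail2ban-ssh jump in INPUT and the RETURN in the fail2ban-ssh chain, which is what you would expect, since fail2ban adds its own rules without comments. Running the audit against the real listing after each change is a cheap way to keep the rule set self-documenting.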
Hack on,
Tags: comments, documentation, firewall, firewall rules, iptables, linux, linux firewall, security
Original article: https://scottlinux.com/2014/06/03/add-comments-to-iptables-rules/
Please credit when reprinting: IPCPU-网络之路 » How to add comments to iptables (Add Comments to iptables Rules)