Comments at end of iptables statements

Comments at end of iptables statements

[John V. Kjellman]

Any chance that a "#" or other character will one day be allowed as a 
comment character at the end of iptables statements?

Regards,
   John V. Kjellman
   Henniker, NH

Re: Comments at end of iptables statements

[Gáspár Lajos]

John V. Kjellman írta:
> Any chance that a "#" or other character will one day be allowed as a 
> comment character at the end of iptables statements?
What do you mean?
If  you setup your rules from a shell script then you can add a comment 
IN the script

iptables .... # This is a good rule...

In the other hand you can use the comment module...

iptables -m comment --comment 'This is a good connection'
>
> Regards,
>   John V. Kjellman
>   Henniker, NH
>
>

Re: Comments at end of iptables statements

[Leonardo Rodrigues Magalhães]

John V. Kjellman escreveu:
> Any chance that a "#" or other character will one day be allowed as a 
> comment character at the end of iptables statements?
>

    You can use the comment module !! It allows you to easily grep 
'iptables -nL -v' output. I used it a LOT for creating IP Accounting 
rules which will be graphed by cacti.


iptables -A accounting_local_saida -p tcp --dport 80 -m comment 
--comment servidor_web
iptables -A accounting_local_saida -p tcp --sport 80 -m comment 
--comment servidor_web

iptables -A accounting_local_entrada -p tcp --dport 25 -m comment 
--comment entrada_emails
iptables -A accounting_local_saida -p tcp --sport 25 -m comment 
--comment entrada_emails


Chain accounting_local_entrada (1 references)
 pkts bytes target     prot opt in     out     source               
destination        
73718   85M            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:25 /* entrada_emails */
  231 50718            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:80 /* servidor_web */


Chain accounting_local_saida (1 references)
 pkts bytes target     prot opt in     out     source               
destination        
54932 2640K            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp spt:25 /* entrada_emails */
  202  113K            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp spt:80 /* servidor_web */

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it

Comments at end of iptables statements

[John V. Kjellman]

Thanks for the suggestions about the comment module, I was not aware of 
it and will look into it. But, it would still be nice to just be able to 
tack a comment at the end of the that iptables would ignore.

Regards,
   John K