Comments at end of iptables statements

Linux Netfilter discussions
 help / color / mirror / Atom feed

* Comments at end of iptables statements
@ 2007-06-17 16:47 John V. Kjellman
  2007-06-18 12:10 ` Gáspár Lajos
  2007-06-18 12:14 ` Leonardo Rodrigues Magalhães
  0 siblings, 2 replies; 4+ messages in thread
From: John V. Kjellman @ 2007-06-17 16:47 UTC (permalink / raw)
  To: netfilter

Any chance that a "#" or other character will one day be allowed as a 
comment character at the end of iptables statements?

Regards,
   John V. Kjellman
   Henniker, NH

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Comments at end of iptables statements
  2007-06-17 16:47 Comments at end of iptables statements John V. Kjellman
@ 2007-06-18 12:10 ` Gáspár Lajos
  2007-06-18 12:14 ` Leonardo Rodrigues Magalhães
  1 sibling, 0 replies; 4+ messages in thread
From: Gáspár Lajos @ 2007-06-18 12:10 UTC (permalink / raw)
  To: John V. Kjellman, Netfilter IPtableMailinglist

John V. Kjellman írta:
> Any chance that a "#" or other character will one day be allowed as a 
> comment character at the end of iptables statements?
What do you mean?
If  you setup your rules from a shell script then you can add a comment 
IN the script

iptables .... # This is a good rule...

In the other hand you can use the comment module...

iptables -m comment --comment 'This is a good connection'
>
> Regards,
>   John V. Kjellman
>   Henniker, NH
>
>




^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: Comments at end of iptables statements
  2007-06-17 16:47 Comments at end of iptables statements John V. Kjellman
  2007-06-18 12:10 ` Gáspár Lajos
@ 2007-06-18 12:14 ` Leonardo Rodrigues Magalhães
  1 sibling, 0 replies; 4+ messages in thread
From: Leonardo Rodrigues Magalhães @ 2007-06-18 12:14 UTC (permalink / raw)
  To: John V. Kjellman; +Cc: netfilter



John V. Kjellman escreveu:
> Any chance that a "#" or other character will one day be allowed as a 
> comment character at the end of iptables statements?
>

    You can use the comment module !! It allows you to easily grep 
'iptables -nL -v' output. I used it a LOT for creating IP Accounting 
rules which will be graphed by cacti.


iptables -A accounting_local_saida -p tcp --dport 80 -m comment 
--comment servidor_web
iptables -A accounting_local_saida -p tcp --sport 80 -m comment 
--comment servidor_web

iptables -A accounting_local_entrada -p tcp --dport 25 -m comment 
--comment entrada_emails
iptables -A accounting_local_saida -p tcp --sport 25 -m comment 
--comment entrada_emails


Chain accounting_local_entrada (1 references)
 pkts bytes target     prot opt in     out     source               
destination        
73718   85M            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:25 /* entrada_emails */
  231 50718            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp dpt:80 /* servidor_web */


Chain accounting_local_saida (1 references)
 pkts bytes target     prot opt in     out     source               
destination        
54932 2640K            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp spt:25 /* entrada_emails */
  202  113K            tcp  --  *      *       0.0.0.0/0            
0.0.0.0/0           tcp spt:80 /* servidor_web */

-- 


	Atenciosamente / Sincerily,
	Leonardo Rodrigues
	Solutti Tecnologia
	http://www.solutti.com.br

	Minha armadilha de SPAM, NÃO mandem email
	gertrudes@solutti.com.br
	My SPAMTRAP, do not email it






^ permalink raw reply	[flat|nested] 4+ messages in thread

* Comments at end of iptables statements
@ 2007-06-19 12:28 John V. Kjellman
  0 siblings, 0 replies; 4+ messages in thread
From: John V. Kjellman @ 2007-06-19 12:28 UTC (permalink / raw)
  To: netfilter

Thanks for the suggestions about the comment module, I was not aware of 
it and will look into it. But, it would still be nice to just be able to 
tack a comment at the end of the that iptables would ignore.

Regards,
   John K

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2007-06-19 12:28 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-06-17 16:47 Comments at end of iptables statements John V. Kjellman
2007-06-18 12:10 ` Gáspár Lajos
2007-06-18 12:14 ` Leonardo Rodrigues Magalhães
  -- strict thread matches above, loose matches on Subject: below --
2007-06-19 12:28 John V. Kjellman

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox