iptables-comment: adding comments to rules

iptables can load the comment module to annotate rules, which makes the rule set easier to manage.

# iptables -m comment --help
iptables v1.4.10
.
.
.
comment match options:
--comment COMMENT Attach a comment to a rule

Examples:

# iptables -t filter -I INPUT -p tcp --dport 21 -j ACCEPT -m comment --comment "remark"
# iptables -t filter -I INPUT -m comment --comment "remark" -p tcp --dport 21 -j ACCEPT

# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:21 /* remark */ 
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           /* remark */ tcp dpt:21



# iptables -t filter -I INPUT -m comment --comment "remark1" -p tcp --dport 21 -j ACCEPT -m comment --comment "remark2"

# iptables -t filter -nL INPUT
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           /* remark1 */ tcp dpt:21 /* remark2 */
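
Comments help with management only if every rule has one. The following is an added example, not part of the original post: a shell sketch that audits a rule set in iptables-save format, listing rules without a comment and the comments in use. The function names and the sample rules are constructed for illustration, and it assumes single-word comments are saved unquoted and other comments in double quotes.

```shell
#!/bin/sh
# Added example. Constructed sample in iptables-save format, not taken from a real host.
# Assumption: single-word comments are saved unquoted, others in double quotes.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m comment --comment remark1 -m tcp --dport 21 -m comment --comment remark2 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -m comment --comment remark -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "public web" -j ACCEPT
COMMIT
EOF
}

# Print every rule line that carries no comment match.
uncommented_rules() {
    awk '/^-A / && !/ --comment /'
}

# Print "CHAIN: comment" for each comment; one rule may hold several.
rule_comments() {
    awk '/^-A / {
        chain = $2
        rest = $0
        while ((i = index(rest, "--comment ")) > 0) {
            rest = substr(rest, i + 10)          # text after "--comment "
            if (substr(rest, 1, 1) == "\"") {    # quoted comment
                rest = substr(rest, 2)
                n = index(rest, "\"")
            } else {                             # bare word
                n = index(rest " ", " ")
            }
            print chain ": " substr(rest, 1, n - 1)
            rest = substr(rest, n + 1)
        }
    }'
}

# On a real host, feed live rules instead: iptables-save -t filter | uncommented_rules
echo "Rules without a comment:"
sample_rules | uncommented_rules
echo "Comments in use:"
sample_rules | rule_comments
```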

Reference:

http://spamcleaner.org/en/misc/iptables-comment.html

 
