How to add comments to iptables rules in Linux system

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to add comments to iptables rules on a Linux system. The method introduced here is simple, fast and practical.

Add comments to the iptables rules to make a good impression on your boss and colleagues. The methods are as follows:

What are iptables comments?

In a rule listing, an iptables comment appears at the end of the rule it belongs to, wrapped in /* */. (For an example, see the comment /* allow SSH to this host from anywhere */ in the iptables rules below.)

The code is as follows:

    $ sudo iptables -L
    Chain INPUT (policy DROP)
    target        prot opt source              destination
    ACCEPT        all  --  anywhere            anywhere     state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
    fail2ban-ssh  tcp  --  anywhere            anywhere     multiport dports ssh
    ACCEPT        tcp  --  anywhere            anywhere     tcp dpt:ssh /* allow SSH to this host from anywhere */
    ACCEPT        udp  --  anywhere            anywhere     udp dpt:route /* allow incoming RIP on the internal interface */
    ACCEPT        all  --  localhost           localhost    /* allow any local-only traffic */
    ACCEPT        ipv6 --  tserv2.ash2.he.net  anywhere     /* allow IPv6 tunnel traffic from HE */
    ACCEPT        icmp --  anywhere            anywhere     /* allow ICMP traffic to this host from anywhere */

    Chain FORWARD (policy DROP)
    target        prot opt source              destination
    ACCEPT        all  --  anywhere            anywhere     state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
    ACCEPT        all  --  anywhere            anywhere     /* allow all Internet bound traffic from the internal network */
    ACCEPT        icmp --  anywhere            anywhere     /* forward any ICMP traffic */

    Chain OUTPUT (policy ACCEPT)
    target        prot opt source              destination

    Chain fail2ban-ssh (1 references)
    target        prot opt source              destination
    RETURN        all  --  anywhere            anywhere

Add comments to a new iptables rule

The syntax for adding a comment to a new iptables rule is: -m comment --comment "comment text to add"

Specific example: add a rule that allows SSH traffic to pass through, and add a comment to this rule:

The code is as follows:

    $ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT

Then list the rules with -L, and you will see the rule you just added, shown as follows:

The code is as follows:

    $ sudo iptables -L
    ACCEPT        tcp  --  anywhere            anywhere     tcp dpt:ssh /* allow SSH to this host from anywhere */
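Once rules carry `-m comment --comment` annotations, the rule set can be checked for rules that still lack one. The script below is an added example, not part of the original article: the function names and the sample rule set (in `iptables -S` format, mirroring the listing above) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a rule set for rules that carry no comment.
# Input is `iptables -S` format. The sample below is constructed to mirror
# the listing in this article; it is not captured from a real host.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N fail2ban-ssh
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "allow inbound traffic for established and related connections" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT
-A INPUT -p icmp -m comment --comment icmp-in -j ACCEPT
-A fail2ban-ssh -j RETURN
EOF
}

# Print every appended rule (-A) that has no comment match.
uncommented_rules() {
  awk '$1 == "-A" && $0 !~ / -m comment --comment / { print }'
}

# Print "chain<TAB>comment" for each annotated rule. Handles quoted
# multi-word comments and bare single-word ones.
# Assumption: comments contain no escaped double quotes.
rule_comments() {
  awk '$1 == "-A" && match($0, / --comment ("[^"]*"|[^" ][^ ]*)/) {
         c = substr($0, RSTART + 11, RLENGTH - 11)  # skip " --comment "
         gsub(/^"|"$/, "", c)                       # drop surrounding quotes
         print $2 "\t" c
       }'
}

# Return non-zero if any rule is unannotated, so the check can gate a change.
audit_rules() {
  missing=$(uncommented_rules)
  [ -z "$missing" ] && return 0
  printf 'rules without a comment:\n%s\n' "$missing" >&2
  return 1
}

# On a live host (assumption: root shell): iptables -S | audit_rules
sample_rules | audit_rules || echo "audit: unannotated rules found"
```

In the sample, the two fail2ban rules are reported because they have no comment, matching the listing above where only those rules lack a /* */ annotation.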

At this point, you should have a deeper understanding of how to add comments to iptables rules in the Linux system. Try it out in practice.
