最新消息:
    你的位置:IPCPU-网络之路 > Linux > 如何给iptables加注释Add Comments to iptables Rules

    如何给iptables加注释Add Comments to iptables Rules

    Linux ipcpu 3868浏览

    Add Comments to iptables Rules

    By Scott Miller+ | 2014/06/03

    Impress your boss and co-workers by using comments in your iptables rules. Here’s how it works!

    What are iptables comments?

    Comments appear as follows when in use. (Ex: /* allow SSH to this host from anywhere */ as seen below.)

      

    1. $ sudo iptables -L
      2. 

    2. Chain INPUT (policy DROP)
      3. 

    3. target     prot opt source               destination         
      4. 

    4. ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
      5. 

    5. fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh
      6. 

    6. ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* allow SSH to this host from anywhere */
      7. 

    7. ACCEPT     udp  --  anywhere             anywhere             udp dpt:route /* allow incoming RIP on the internal interface */
      8. 

    8. ACCEPT     all  --  localhost            localhost            /* allow any local-only traffic */
      9. 

    9. ACCEPT     ipv6 --  tserv2.ash1.he.net   anywhere             /* allow IPv6 tunnel traffic from HE */
      10. 

    10. ACCEPT     icmp --  anywhere             anywhere             /* allow ICMP traffic to this host from anywhere */
      11. 

      12. 

    12. Chain FORWARD (policy DROP)
      13. 

    13. target     prot opt source               destination         
      14. 

    14. ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
      15. 

    15. ACCEPT     all  --  anywhere             anywhere             /* allow all Internet bound traffic from the internal network */
      16. 

    16. ACCEPT     icmp --  anywhere             anywhere             /* forward any ICMP traffic */
      17. 

      18. 

    18. Chain OUTPUT (policy ACCEPT)
      19. 

    19. target     prot opt source               destination         
      20. 

      21. 

    21. Chain fail2ban-ssh (1 references)
      22. 

    22. target     prot opt source               destination         
      23. 

    23. RETURN     all  --  anywhere             anywhere  
      24.

    Create comments with iptables rules

    To make comments with your iptables rules, the syntax is: comment –comment “my cool text”

    Here is a rule to allow ssh traffic with a comment added:

    1. $ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT

    This rule then appears as following when listing rules:

      

    1. $ sudo iptables -L
      2. 

    2. ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* allow SSH to this host from anywhere */
      3.

    Hack on,

    Tags: comments, documentation, firewall, firewall rules, iptables, linux, linux firewall, security

    原文地址: https://scottlinux.com/2014/06/03/add-comments-to-iptables-rules/

    转载请注明:IPCPU-网络之路 » 如何给iptables加注释Add Comments to iptables Rules

    与本文相关的文章