最新消息:

如何给iptables加注释Add Comments to iptables Rules

Linux ipcpu 3629浏览

Add Comments to iptables Rules

By Scott Miller+ | 2014/06/03

Impress your boss and co-workers by using comments in your iptables rules. Here’s how it works!

What are iptables comments?

Comments appear as follows when in use. (Ex: /* allow SSH to this host from anywhere */ as seen below.)

  1. $ sudo iptables -L
  2. Chain INPUT (policy DROP)
  3. target prot opt source destination
  4. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
  5. fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
  6. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */
  7. ACCEPT udp -- anywhere anywhere udp dpt:route /* allow incoming RIP on the internal interface */
  8. ACCEPT all -- localhost localhost /* allow any local-only traffic */
  9. ACCEPT ipv6 -- tserv2.ash1.he.net anywhere /* allow IPv6 tunnel traffic from HE */
  10. ACCEPT icmp -- anywhere anywhere /* allow ICMP traffic to this host from anywhere */
  11. Chain FORWARD (policy DROP)
  12. target prot opt source destination
  13. ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* allow inbound traffic for established and related connections */
  14. ACCEPT all -- anywhere anywhere /* allow all Internet bound traffic from the internal network */
  15. ACCEPT icmp -- anywhere anywhere /* forward any ICMP traffic */
  16. Chain OUTPUT (policy ACCEPT)
  17. target prot opt source destination
  18. Chain fail2ban-ssh (1 references)
  19. target prot opt source destination
  20. RETURN all -- anywhere anywhere

Create comments with iptables rules

To make comments with your iptables rules, the syntax is: comment –comment “my cool text”

Here is a rule to allow ssh traffic with a comment added:

  1. $ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT

This rule then appears as following when listing rules:

  1. $ sudo iptables -L
  2. ACCEPT tcp -- anywhere anywhere tcp dpt:ssh /* allow SSH to this host from anywhere */

Hack on,

Tags: comments, documentation, firewall, firewall rules, iptables, linux, linux firewall, security

原文地址: https://scottlinux.com/2014/06/03/add-comments-to-iptables-rules/

转载请注明:IPCPU-网络之路 » 如何给iptables加注释Add Comments to iptables Rules