Hi,

On Fri, Oct 23, 2020 at 11:56:20PM +0000, Leroy Tennison wrote:
> I have used rules along the lines of
>
> iptables -A INPUT -s 10.0.0.0/8 -m comment --comment "Comment up to 256 characters" -j ACCEPT
>
> with success, now I'm wondering if I can extend that to something like
>
> iptables -A INPUT -m comment --comment "Comment up to 256 characters"
>
> for situations where comments longer than 256 characters are needed to adequately document a situation. For example

You can add multiple comment "matches":

| # iptables -A FORWARD \
|     -m comment --comment "This really is a much too long comment to add to a rule. It exhausts the maximum number of two-hundred-and-fifty-six characters supported in a single comment \"match\". And Yes, there is still space left after all the yapping in here. Still a tiny bit more." \
|     -m comment --comment "And here's a second comment match with its own space of 256 characters."

I'm pretty sure this is better than multiple rules regarding performance. Ideally, the comment matches *should* also not add any significant overhead - additional rules certainly do.

Cheers, Phil