> 4 - addition of support for a REM field in rules. Would do nothing
> whatsoever except print the specified REMark text at the end of the rule
> in -L listings. Something like:
>
> iptables -A INPUT -p tcp --dport 22 -s a.b.c.d -j ACCEPT -REM JoelSSH
>
> So that a -L listing could be easier & quicker to decipher sometimes. It
> would also allow "iptables -L -v -n | grep Joel" to list only rules, in
> all chains, with "Joel" in the comment.

Oh yes, that is a good idea. Two wishes from me: could it be possible to display the line number of a certain rule in iptables -L -n -v in addition to the -REM target? I think this would very much help to find the rules quicker in the iptables scripts when editing with a text editor.

Generally I think this is a problem of too large rule sets. Is there a way to make containers of src/dst addresses? e.g. like this:

container_untrusted_dns="ip.addr.A, ip.addr.B, ip.addr.C"
container_trusted_dns="ip.addr.D, ip.addr.E"

iptables -A FORWARD -p 6 -m state -s $container_trusted_dns --sport 1024: -d $container_untrusted_dns --dport 53 -o $waneth --state NEW,ESTABLISHED -j ACCEPT

Thanks,
Philipp
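As an added illustration of the "container" idea from the message above (example code, not from the thread or the netfilter project), the shell function below expands two address lists into one rule per src/dst pair and tags each rule with iptables' existing "-m comment --comment" match, so that "iptables -L -v -n --line-numbers | grep TAG" lists exactly those rules with their positions. The interface name, addresses and tag are constructed placeholders; the rules are printed, not applied.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Expand "containers" of addresses into one FORWARD rule per (src, dst)
# pair, each tagged with a comment so the rules are easy to find later in
# "iptables -L -v -n --line-numbers" output.

# Constructed containers (documentation-range addresses, not real hosts).
container_trusted_dns="192.0.2.10 192.0.2.11"
container_untrusted_dns="198.51.100.1 198.51.100.2 198.51.100.3"
waneth="eth1"   # assumed outbound interface name

# gen_dns_rules TAG SRC_LIST DST_LIST
# Prints (does not execute) one ACCEPT rule per src/dst pair, carrying
# "-m comment --comment TAG". Review the output, then pipe it to sh to apply.
gen_dns_rules() {
    tag=$1; srcs=$2; dsts=$3
    for s in $srcs; do
        for d in $dsts; do
            printf 'iptables -A FORWARD -p tcp -m state --state NEW,ESTABLISHED -s %s --sport 1024: -d %s --dport 53 -o %s -m comment --comment %s -j ACCEPT\n' \
                "$s" "$d" "$waneth" "$tag"
        done
    done
}

# count_rules TAG SRC_LIST DST_LIST
# Number of rules the expansion produces (|SRC_LIST| x |DST_LIST|), handy
# for checking a container change before touching the live rule set.
count_rules() {
    gen_dns_rules "$1" "$2" "$3" | wc -l | tr -d ' '
}

gen_dns_rules dns-out "$container_trusted_dns" "$container_untrusted_dns"
```

The same tag can be reused across chains, which is what makes a single grep over the -L listing pull together every rule that belongs to one logical group.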