John V. Kjellman wrote:
> Any chance that a "#" or other character will one day be allowed as a
> comment character at the end of iptables statements?

You can use the comment module!! It allows you to easily grep
'iptables -nL -v' output. I used it a LOT for creating IP Accounting
rules which will be graphed by Cacti.

iptables -A accounting_local_saida -p tcp --dport 80 -m comment --comment servidor_web
iptables -A accounting_local_saida -p tcp --sport 80 -m comment --comment servidor_web
iptables -A accounting_local_entrada -p tcp --dport 25 -m comment --comment entrada_emails
iptables -A accounting_local_saida -p tcp --sport 25 -m comment --comment entrada_emails

Chain accounting_local_entrada (1 references)
 pkts bytes target     prot opt in     out     source               destination
73718   85M            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 /* entrada_emails */
  231 50718            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* servidor_web */

Chain accounting_local_saida (1 references)
 pkts bytes target     prot opt in     out     source               destination
54932 2640K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 /* entrada_emails */
  202  113K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 /* servidor_web */

--
Sincerely,
Leonardo Rodrigues
Solutti Tecnologia
http://www.solutti.com.br
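
Added example, not part of the original message: a shell function that turns an 'iptables -nL -v' listing like the one above into one line per chain and comment label, the form a poller for a grapher such as Cacti can read. The function names are hypothetical; the rounded K/M/G/T suffixes are expanded as multiples of 1000, so the byte totals are approximate unless iptables is run with -x.

```shell
#!/bin/sh
# Added example: per-chain, per-comment accounting totals from "iptables -nL -v".
# Real use (assumed invocation): iptables -nL -v | acct_by_comment

acct_by_comment() {
    awk '
    # iptables -v rounds large counters and appends K/M/G/T (powers of 1000).
    function expand(v,   n, s) {
        s = substr(v, length(v))
        n = v + 0
        if (s == "K") return n * 1000
        if (s == "M") return n * 1000000
        if (s == "G") return n * 1000000000
        if (s == "T") return n * 1000000000000
        return n
    }
    $1 == "Chain" { chain = $2; next }
    # Rule lines start with the packet counter; only commented rules are counted.
    /^[ \t]*[0-9]/ && match($0, /\/\* .* \*\//) {
        label = substr($0, RSTART + 3, RLENGTH - 6)
        key = chain " " label
        pkts[key]  += expand($1)   # rules sharing a label in one chain are summed
        bytes[key] += expand($2)
    }
    END {
        for (k in bytes) printf "%s %.0f %.0f\n", k, pkts[k], bytes[k]
    }' | LC_ALL=C sort
}

# Sample input: the listing from the message, with its wrapped lines rejoined.
sample_listing() {
    cat <<'EOF'
Chain accounting_local_entrada (1 references)
 pkts bytes target     prot opt in     out     source               destination
73718   85M            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:25 /* entrada_emails */
  231 50718            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp dpt:80 /* servidor_web */

Chain accounting_local_saida (1 references)
 pkts bytes target     prot opt in     out     source               destination
54932 2640K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:25 /* entrada_emails */
  202  113K            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           tcp spt:80 /* servidor_web */
EOF
}

# Output columns: chain, comment label, packets, bytes
sample_listing | acct_by_comment
```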