Книга: Iptables Tutorial 1.2.2
Comment match
Comment match
The comment match is used to add comments inside the iptables ruleset and the kernel. This can make it much easier to understand your ruleset and to ease debugging. For example, you could add comments documenting which bash function added specific sets of rules to netfilter, and why. It should be noted that this isn't actually a match. The comment match is loaded using the -m comment keywords. At this point the following options will be available.
Table 10-10. Comment match options
| Match | --comment |
| Kernel | 2.6 |
| Example | iptables -A INPUT -m comment --comment "A comment" |
| Explanation | The --comment option specifies the comment to actually add to the rule in kernel. The comment can be a maximum of 256 characters. |
Оглавление книги
Оглавление статьи/книги
- Addrtype match
- AH/ESP match
- Comment match
- Connmark match
- Conntrack match
- Dscp match
- Ecn match
- Hashlimit match
- Helper match
- IP range match
- Length match
- Limit match
- Mac match
- Mark match
- Multiport match
- Owner match
- Packet type match
- Realm match
- Recent match
- State match
- Tcpmss match
- Tos match
- Ttl match
- Unclean match