I'm a user (and big fan) of CentOS 5.6 and in my /etc/sysconfig/iptables
there are a few blocking rules for some annoying visitors of my website
(I have run a card game there for many years and some people are "special"):
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.0.0/16 -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080,443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT
COMMIT
My problem is that I often don't remember
why and when a blocking rule had been added.
Is there a way to add comments to the iptables file?
A hash mark # does not seem to work.
If comments are not possible, please share a few tricks -
how do YOU usually use iptables on CentOS,
i.e. there is "sudo service iptables save",
but I've yet to discover its usefulness.
Regards
Alex
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
04-24-2011, 07:30 AM
Nicolas Thierry-Mieg
Adding comments to /etc/sysconfig/iptables
Alexander Farber wrote:
<snip>
> Is there a way to add comments to the iptables file?
> A hash mark # does not seem to work.
assuming you are talking about /etc/sysconfig/iptables , hash is indeed
the comment mark, and works fine.
In my file on this system all comment lines have a hash as first
character on the line though, so perhaps it doesn't like end-of-line
comments but only accepts full lines of comment.
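An added example, not from either poster, showing the two ways to record why a DROP rule exists in iptables-save format and a small check that lists the blocks nobody documented. A full-line "#" comment is what the reply describes, but "service iptables save" regenerates /etc/sysconfig/iptables from the running ruleset with iptables-save, which discards those lines. The comment match (-m comment --comment "text", provided by the xt_comment/ipt_comment kernel module) is part of the rule itself, so iptables-save keeps it and "iptables -L -n" shows it as /* text */. The rules file, the addresses (RFC 5737 documentation ranges) and the ticket reference are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the thread): documenting DROP rules in iptables-save
# format and finding the ones that carry no inline comment.
#   1. Full-line '#' comment: accepted by /etc/sysconfig/iptables, but lost the next
#      time 'service iptables save' rewrites the file from the running rules.
#   2. -m comment --comment "text": stored in the rule, so it survives
#      iptables-save / 'service iptables save' and appears in 'iptables -L -n'.
# Sample file below is constructed; addresses are RFC 5737 documentation ranges.

SAMPLE_FILE=$(mktemp)
cat > "$SAMPLE_FILE" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
# 2011-04-24: blocked for repeated abuse of the card game (ticket PLACEHOLDER)
-A INPUT -s 192.0.2.0/24 -m comment --comment "2011-04-24 abuse, ticket PLACEHOLDER" -j DROP
-A INPUT -s 198.51.100.0/24 -j DROP
-A INPUT -s 203.0.113.0/24 -m comment --comment "2011-03-02 scanner, see logs" -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080,443 -j ACCEPT
COMMIT
EOF

# List DROP rules that carry no -m comment, i.e. blocks with no inline reason.
# Usage: undocumented_drops /etc/sysconfig/iptables
undocumented_drops() {
    grep -- '-j DROP' "$1" | grep -v -- '-m comment --comment' || true
}

# Number of such rules, as a plain integer.
count_undocumented_drops() {
    undocumented_drops "$1" | wc -l | tr -d ' '
}

# Print "source-range: comment" for every DROP rule that does carry a comment
# (iptables-save always writes the comment text in double quotes).
drop_comments() {
    sed -n 's/^-A INPUT -s \([^ ]*\) .*--comment "\([^"]*\)".*-j DROP$/\1: \2/p' "$1"
}

echo "DROP rules without an inline comment:"
undocumented_drops "$SAMPLE_FILE"
echo "Documented DROP rules:"
drop_comments "$SAMPLE_FILE"
```

Run the two functions against the real file (undocumented_drops /etc/sysconfig/iptables) to see which of the xx.xx.xx.0/24 blocks still need a reason; once a rule carries -m comment, "service iptables save" becomes useful rather than destructive, because the reason is saved together with the rule.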