[CentOS] Adding comments to /etc/sysconfig/iptables
Alexander Farber
alexander.farber at gmail.comSun Apr 24 07:04:30 UTC 2011
- Previous message: [CentOS] Re; Valgrind/Callgrind 3.6.1 does not appear to work on Centos Linux 5.5
- Next message: [CentOS] Adding comments to /etc/sysconfig/iptables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hello, I'm a user (and big fan) of CentOS 5.6 and in my /etc/sysconfig/iptables there are few blocking rules for some annoying visitors of my website (I run a card game there since many years and some people are "special"): *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [294:35064] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -s xx.xx.xx.0/24 -j DROP -A INPUT -s xx.xx.0.0/16 -j DROP -A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080,443 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 \ --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT COMMIT My problem is that I often don't remember why and when a blocking rule had been added. Is there a way to add comments to the iptables file? A hash mark # does not seem to work. If comments not possible, please share few tricks - how do YOU usually use iptables on CentOS, i.e. there is "sudo service iptables save", but I've yet to discover its usefulness Regards Alex
- Previous message: [CentOS] Re; Valgrind/Callgrind 3.6.1 does not appear to work on Centos Linux 5.5
- Next message: [CentOS] Adding comments to /etc/sysconfig/iptables
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list