Hello,
I'm a user (and big fan) of CentOS 5.6, and in my /etc/sysconfig/iptables there are a few blocking rules for some annoying visitors of my website (I have run a card game there for many years, and some people are "special"):
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [294:35064]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.xx.0/24 -j DROP
-A INPUT -s xx.xx.0.0/16 -j DROP
-A INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080,443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 1/min --limit-burst 2 -j ACCEPT
COMMIT
My problem is that I often don't remember why and when a blocking rule was added.
Is there a way to add comments to the iptables file? A hash mark # does not seem to work.
If comments are not possible, please share a few tricks: how do YOU usually use iptables on CentOS? For instance, there is "sudo service iptables save", but I have yet to discover its usefulness.
Regards,
Alex
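The following is an added example and is not part of Alex's post or of any reply on this page. It shows iptables' own "comment" match (the ipt_comment/xt_comment module, shipped with the CentOS 5 kernel), which stores a free-text note of up to 256 characters inside the rule itself. Because the note is part of the rule in the kernel, "service iptables save" writes it into /etc/sysconfig/iptables together with the rule, whereas a "#" line typed into that file is lost the next time the file is regenerated by a save. The network addresses (RFC 5737 documentation ranges), dates, reasons, the function names and the insert position 3 are all assumptions made for the example:

```shell
#!/bin/sh
# Added example, not from the original post: iptables' "comment" match
# (ipt_comment/xt_comment, in the CentOS 5 kernel) keeps a note of up to
# 256 characters inside the rule, so the reason and date are saved by
# "service iptables save" along with the rule.
# Constructed sample of an /etc/sysconfig/iptables file; the networks
# (RFC 5737 ranges), dates and reasons are placeholders.
RULES=$(cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.0.2.0/24 -m comment --comment "2011-05-02 alex: flooding the game lobby" -j DROP
-A INPUT -s 198.51.100.0/24 -m comment --comment "2011-06-14 alex: brute-forcing logins" -j DROP
-A INPUT -s 203.0.113.0/24 -j DROP
-A INPUT -p tcp -m state --state NEW -m tcp -m multiport --dports 80,8080,443 -j ACCEPT
COMMIT
EOF
)

# Print each DROP rule's source network next to the reason recorded in its
# comment, so "who is blocked and why" becomes a one-command audit.
list_blocks() {
    printf '%s\n' "$RULES" | awk '
        /-j DROP/ {
            src = "any"
            for (i = 1; i <= NF; i++) if ($i == "-s") src = $(i + 1)
            reason = "(no comment recorded)"
            # --comment "..." : skip the 11-character prefix and the closing quote
            if (match($0, /--comment "[^"]*"/))
                reason = substr($0, RSTART + 11, RLENGTH - 12)
            printf "%-18s %s\n", src, reason
        }'
}

# Count DROP rules that carry no comment, i.e. blocks whose reason is already
# forgotten. "|| true" keeps the count even when grep finds nothing.
uncommented_blocks() {
    printf '%s\n' "$RULES" | grep -- '-j DROP' | grep -vc -- '--comment' || true
}

# How a new block is added on the live box and persisted (needs root; defined
# but not run here). Position 3 assumes the posted ruleset, where rules 1 and 2
# are the RELATED,ESTABLISHED and loopback ACCEPTs, so the DROP lands ahead of
# the service ACCEPTs. "service iptables save" then rewrites
# /etc/sysconfig/iptables from the running rules, comment included.
block_network() {
    net=$1; why=$2
    iptables -I INPUT 3 -s "$net" -m comment --comment "$(date +%F) $(id -un): $why" -j DROP \
        && service iptables save
}

list_blocks
```

Running the script prints one line per DROP rule: the network, then the date, who added it and why, with "(no comment recorded)" for the third rule, which was added the old way. On the real machine, `iptables -L INPUT -n --line-numbers` shows the same comments inline as `/* ... */`, so the audit does not even need the saved file.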