>> assuming you are talking about /etc/sysconfig/iptables , hash is indeed >> the comment mark, and works fine. >> In my file on this system all comment lines have a hash as first >> character on the line though, so perhaps it doesn't like end-of-line >> comments but only accepts full lines of comment. >> FYI, using iptable comments commands are even more useful as they are displayed whenever you actually list the rules (e.g. via "service iptables status). For example: -A INPUT -s 10.0.0.2 -m comment --comment "I am an example comment" -j DROP