Hi,

Is it possible to create an inline comment? Something like this; if not, consider this a feature request from a longtime happy customer.

    ACCEPT net,loc $FW tcp 3679,3680,3681,8800 - ; -m comment --comment xyz

To me, that's frequently preferable to a "stripped" comment:

    ACCEPT net,loc $FW tcp 3679,3680,3681,8800 - # xyz

Alternately, perhaps rules with "inline shell comments", instead of being stripped, could be passed to iptables --comment if enabled in shorewall.conf.. (?)

BTW, while looking to see if this is already supported, it looks like there's a typo here:

http://shorewall.org/configuration_file_basics.htm

| INLINE
|
| INLINE, added in Shorewall 4. is available in the mangle, masq and rules files and allows you to specify ip[6]table text following a semicolon to the right of the column-oriented specifications.
|
| INLINE takes one optional parameter which, if present, must be a valid entry for the first column of the file. If the parameter is omitted, then you can specify the target of the rule in the text.
|
| Examples from the rules file:
|
| #ACTION SOURCE DEST
|
| ?COMMENT Drop DNS Amplification Attack Packets
| INLINE(DROP):info net $FW ; udp 53 ; -m u32 --u32 "0>>22&0x3C\@8&0xffff=0x0100 && 0>>22&0x3C\@12&0xffff0000=0x00010000"
| ?COMMENT

I think the first semicolon (; udp 53) is erroneous ?

Thanks,
Justin