On 7/2/2018 4:17 PM, Justin Pryzby wrote:
> Hi,
>
> Is it possible to create an inline comment? Something like this;
> if not, consider this a feature request from a longtime happy
> customer.
>
> ACCEPT net,loc $FW tcp 3679,3680,3681,8800 - ; -m comment --comment xyz
>
> To me, that's frequently preferable to a "stripped" comment:
>
> ACCEPT net,loc $FW tcp 3679,3680,3681,8800 - # xyz
>
> Alternately, perhaps rules with "inline shell comments", instead of
> being stripped, could be passed to iptables --comment if enabled in
> shorewall.conf.. (?)

Here are a couple of links:

- http://www.shorewall.org/configuration_file_basics.htm#Pairs (near
  the end of the section).
- http://www.shorewall.org/configuration_file_basics.htm#idm617

> BTW, while looking to see if this is already supported, it looks
> like there's a typo here:
> http://shorewall.org/configuration_file_basics.htm
> |INLINE
> |
> |    INLINE, added in Shorewall 4. is available in the mangle, masq and
> |    rules files and allows you to specify ip[6]table text following a
> |    semicolon to the right of the column-oriented specifications.
> |
> |    INLINE takes one optional parameter which, if present, must be a
> |    valid entry for the first column of the file. If the parameter is
> |    omitted, then you can specify the target of the rule in the text.
> |
> |    Examples from the rules file:
> |
> |    #ACTION             SOURCE    DEST
> |
> |    ?COMMENT Drop DNS Amplification Attack Packets
> |    INLINE(DROP):info   net       $FW ; udp 53 ; -m u32 --u32 "0>>22&0x3C\@8&0xffff=0x0100 && 0>>22&0x3C\@12&0xffff0000=0x00010000"
> |    ?COMMENT
>
> I think the first semicolon (; udp 53) is erroneous ?
>

Yes.

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users