-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 7/2/2018 4:17 PM, Justin Pryzby wrote:
> Hi,
> 
> Is it possible to create an inline comment?  Something like this;
> if not, consider this a feature request from a longtime happy
> customer. ACCEPT          net,loc         $FW             tcp
> 3679,3680,3681,8800     -       ; -m comment --comment xyz
> 
> To me, that's frequently preferable to an "stripped" comment: 
> ACCEPT          net,loc         $FW             tcp
> 3679,3680,3681,8800     -       # xyz
> 
> Alternately, perhaps rules with "inline shell comments", instead of
> being stripped, could be passed to iptables --comment if enabled in
> shorewall.conf.. (?)

Here are a couple of links:

- - http://www.shorewall.org/configuration_file_basics.htm#Pairs (near the
  end of the section).

- - http://www.shorewall.org/configuration_file_basics.htm#idm617
> 
> BTW, while looking to see if this is already supported, it looks
> like there's a typo here:
> http://shorewall.org/configuration_file_basics.htm |INLINE | |
> INLINE, added in Shorewall 4. is available in the mangle, masq and
> rules files and allows you to specify ip[6]table text following a
> semicolon to the right of the column-oriented specifications. | |
> INLINE takes one optional parameter which, if present, must be a
> valid entry for the first column of the file. If the parameter is
> omitted, then you can specify the target of the rule in the text. 
> | |    Examples from the rules file: | |    #ACTION
> SOURCE           DEST | |    ?COMMENT Drop DNS Amplification Attack
> Packets |    INLINE(DROP):info    net              $FW ; udp     53
> ; -m u32 --u32 "0>>22&0x3C\@8&0xffff=0x0100 &&
> 0>>22&0x3C\@12&0xffff0000=0x00010000" |    ?COMMENT
> 
> I think the first semicolon (; udp 53) is erroneous ?
> 
Yes.

- -Tom
- -- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJbOrQtAAoJEJbms/JCOk0QhpAP/2DOgOHOveYtrel19o67SM3g
1b2+bEARXDjdO2PYYyDtBROFQCHHlhYgUgSrWEtJHtEfHhmf7zdz5jivmRMQQQZ7
qVOOuJFGV35QdmLCrcf3gnwriVPSA1+dcHRgh4h6JTNhK8XqT9CC0hhmCBgFUvhR
mnglFlBKhV3Zwlv3Ktf9uhSH6KPsm/9eh4TeKAQPen5UxYGtHNOOT/foZjeTcUNn
5y6pOlZPiBRf0n6FqYcizvQBtry29m9oxtMrWMD9GVMzuNX0XWkOT/fOxK7IhMdB
uI/B1kInNkOEnAWWiY9nfTBAA+YdacgtGW1TXISoOWO3chIBwYGzlcoTE4OcfGnH
kIvXtyWQa077tgb0TsE832aDTN5PA+1Vbd4YDURAzmMs9fl1vaaXkLVjfsSpFmSU
C4tQsTuGye0xzMjA5Iq5/DdY1+Tu3H29mpOugi1xwHgQa6SWmUquQt8CpiGP10Ww
qsApGTZ9F8NeQxg4VDMj5ajVX/uKhbYBT6JWvO84DgebSHU1hq1WCuxeSgqSmXK8
/lONt7X+2KNuE53PU5+EvDqFQCBMB0UiPec7EVYE6R1du3eeyzseCRtVkjCInaOR
HcufCbyy+5emGK/aDaWJlwtZWL2/VwNFBSruD0WkkUQUifS0/kPfWUINQRZd6yO+
qYy4ySnJAw9/fkrHt+TQ
=/YMx
-----END PGP SIGNATURE-----

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to