给iptables规则添加注释，以此给你的老板和同事一个好印象。方法如下：

什么是iptables的注释呢？

iptables的注释一般使用在每条规则的后面，注释一般用 包住。（具体的见下面的iptables规则中的注释 ）

复制代码代码如下:$ sudo iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:route
ACCEPT all -- localhost localhost
ACCEPT ipv6 -- tserv2.ash1.he.net anywhere
ACCEPT icmp -- anywhere anywhere </p><p> Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere </p><p> Chain OUTPUT (policy ACCEPT)
target prot opt source destination</p><p> Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

为新的iptables规则添加注释

为新的iptables规则添加注释的语法为 ： comment --comment “要添加的注释文字”
具体的例子：下面添加一条允许ssh流量通过的规则，并且给这条规则添加注释:

复制代码代码如下:$ sudo iptables -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "allow SSH to this host from anywhere" -j ACCEPT

然后用 -L 列出规则，就会看到刚才添加的规则和下面的一样：

复制代码代码如下:$ sudo iptables -L</p><p>ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

教程完！