Linux: Add Comment to IPTables Rule

Objective: Add a comment to a iptables rule.

You might not be able to determine how to add a rule from the iptables man page. A iptables rule comment is added by using the comment module.

You can refer to man iptables-extensions for more information of iptables module extensions.

To add a comment to a iptables rule, append the following syntax to the end of the rule: -m comment --comment "comment here".

Below is an example on how add a comment to a iptables rule in the INPUT chain.

$ sudo iptables -A INPUT -p tcp --dport 22 -m comment --comment "allow ssh"

1	$ sudo iptables -A INPUT -p tcp --dport 22 -m comment --comment "allow ssh"

We can verify that the comment was added by running the following iptables command.

$ sudo iptables -L INPUT -n
Chain INPUT (policy DROP)
target     prot opt source               destination         
           tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* allow ssh */

$ sudo iptables -L INPUT -n

Chain INPUT (policy DROP)

target prot opt source destination

tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* allow ssh */

You will need the iptables comment module to add comments to a rule. You can use the following command to check the kernel modules that are available for iptables.

$ ls /lib/modules/$(uname -r)/kernel/net/netfilter/

1	$ ls /lib/modules/$(uname -r)/kernel/net/netfilter/

Mohamed Ibrahim

ibrahim = { interested_in(unix, linux, android, open_source, reverse_engineering); coding(c, shell, php, python, java, javascript, nodejs, react); plays_on(xbox, ps4); linux_desktop_user(true); }