After I wrote a recent post on best practices for iptables, I noticed that I forgot to mention comments for iptables rules. They can be extremely handy if you have some obscure rules for odd situations.
To make an iptables rule with a comment, simply add on the following arguments to the rule:
-m comment --comment "limit ssh access"
Depending on your distribution, you may need to load the
xt_comment modules into your running kernel first.
A full iptables rule to limit ssh access would look something like this:
iptables -A INPUT -j DROP -p tcp --dport 22 -m comment --comment "limit ssh access"