author: Máté Eckl <> 2018-08-06 20:58:21 +0200
committer: Pablo Neira Ayuso <> 2018-08-07 18:10:18 +0200
commit: 5d27a91422f74bdc368256ec4087fe30e6f5d73d
parent: 0d62623c46a5d2d092ecbbe00c76ebcd8ca61275
doc: Add comment possibility to man page
Commenting is really useful in complex rulesets, however it is not documented that they can be added to any rule. This patch adds commenting possibility to the man page.

Signed-off-by: Máté Eckl <>
Acked-by: Duncan Roe <>
Signed-off-by: Pablo Neira Ayuso <>
1 files changed, 7 insertions, 2 deletions
diff --git a/doc/nft.txt b/doc/nft.txt
index 74952968..703cca18 100644
--- a/doc/nft.txt
+++ b/doc/nft.txt
@@ -356,8 +356,8 @@ are *accept* (which is the default) or *drop*.
-{add | insert} *rule* ['family'] 'table' 'chain' [ {handle | position} 'handle' | index 'index' ] 'statement'...
-replace *rule* ['family'] 'table' 'chain' handle 'handle' 'statement'...
+{add | insert} *rule* ['family'] 'table' 'chain' [ {handle | position} 'handle' | index 'index' ] 'statement' ... [ comment 'comment' ]
+replace *rule* ['family'] 'table' 'chain' handle 'handle' 'statement' ... [ comment 'comment' ]
delete *rule* ['family'] 'table' 'chain' handle 'handle'
Rules are added to chains in the given table. If the family is not specified, the
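Review bot: The add/insert and replace synopsis lines now read 'statement' ... with a space before the ellipsis, where the removed lines had 'statement'... without one. Keep the original spacing so the only change in these two lines is the appended [ comment 'comment' ]. Consider also a placeholder that differs from the keyword (for example 'string'), since comment 'comment' reads ambiguously in a synopsis. Leaving the delete line without the option is right.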
@@ -373,6 +373,11 @@ rule index might change if a rule was inserted or deleted before the referred
one. If the referred rule was deleted, the command is rejected by the kernel
just as if an invalid 'handle' was given.
+A 'comment' is a single word or a double-quoted (") multi-word string which can
+be used to make notes regarding the actual rule. *Note:* If you use bash for
+adding rules, you have to escape the quotation marks (eg. \"enable ssh for
*add*:: Add a new rule described by the list of statements. The
rule is appended to the given chain unless a position is specified, in which
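Review bot: The *Note:* in the added paragraph singles out bash, but any shell consumes unescaped double quotes before nft sees them, so "a shell" would be more accurate. It would also help to mention that single-quoting the whole rule is an alternative to backslash-escaping. State the consequence as well: without escaping, the shell strips the quotes and a multi-word comment reaches nft as separate words. Minor: "eg." should be "e.g.".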