
add an option to allow adding a comment to iptables rules

Open verybadsoldier opened this issue 1 year ago • 4 comments

Motivation for this is to allow gathering statistics (number of filtered packages/bytes) for the rules. When they have a comment, then e.g. InfluxDB/Telegraf will automatically pick them up.

verybadsoldier avatar Oct 25 '24 19:10 verybadsoldier

Hey 👋

Apologies we missed this.

We are currently working through CrowdSec 1.6.4 release, once we have completed that we can spend some time reviewing this.

Thank you for your patience

LaurenceJJones avatar Nov 18 '24 22:11 LaurenceJJones

Of course, no problem, thank you.

verybadsoldier avatar Nov 19 '24 19:11 verybadsoldier

Hello,

Sorry for the (very) late response.

You are currently setting the set name in the comment; what do you think about setting the actual origin instead? (As we now create one set per origin, it would be much easier to know which set is blocking what without having to refer to the bouncer logs.)

So, for example, instead of having:

CROWDSEC_LOG  all  --  anywhere             anywhere             match-set crowdsec-blacklists-2 src /* CrowdSec: crowdsec-blacklists-2 */

We would have:

CROWDSEC_LOG  all  --  anywhere             anywhere             match-set crowdsec-blacklists-2 src /* CrowdSec: cscli */

We can still keep the actual set name in the comment if you want.

If we add the origin in the comment, I'd also invert the logic of the config flag: put the comment by default and allow the user to disable it if, for any reason, their system does not have the comments module (that should be pretty rare) (unfortunately, we don't have a way currently to detect which extensions are available or not, so it must be done manually by the user).

blotus avatar Feb 27 '25 13:02 blotus
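As an added example (not code from the issue or from the bouncer itself), here is a small Python parser that reads `iptables -L <chain> -v -n -x` output and sums packet/byte counters per origin using the `/* CrowdSec: <origin> */` comment convention proposed above; the chain name, set names, counters and origins in the sample listing are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables -L CROWDSEC_CHAIN -v -n -x` output.
# Rules carry the "/* CrowdSec: <origin> */" comment from this issue;
# the last rule has no comment to show how such rules are handled.
SAMPLE = """\
Chain CROWDSEC_CHAIN (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1234      98765 CROWDSEC_LOG  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists-2 src /* CrowdSec: cscli */
      17       1360 CROWDSEC_LOG  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists-1 src /* CrowdSec: crowdsec */
       0          0 CROWDSEC_LOG  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists-3 src /* CrowdSec: CAPI */
       5        400 CROWDSEC_LOG  all  --  *      *       0.0.0.0/0            0.0.0.0/0            match-set crowdsec-blacklists-2 src /* CrowdSec: cscli */
       3        240 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

# A rule line starts with the packet and byte counters (needs -v and -x),
# followed by the target; header lines do not start with digits.
COUNTER_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s")
COMMENT_RE = re.compile(r"/\*\s*(.*?)\s*\*/")
SET_RE = re.compile(r"match-set\s+(\S+)")


def parse_rules(listing):
    """Return one dict per rule line: counters, target, ipset name, comment."""
    rules = []
    for line in listing.splitlines():
        m = COUNTER_RE.match(line)
        if not m:  # "Chain ..." and column header lines
            continue
        cm = COMMENT_RE.search(line)
        sm = SET_RE.search(line)
        rules.append({"pkts": int(m.group(1)), "bytes": int(m.group(2)),
                      "target": m.group(3),
                      "set": sm.group(1) if sm else None,
                      "comment": cm.group(1) if cm else None})
    return rules


def counters_by_origin(listing, prefix="CrowdSec: "):
    """Sum packet/byte counters per origin named in the rule comment.
    Rules without a matching comment are grouped under '(uncommented)'."""
    totals = defaultdict(lambda: {"pkts": 0, "bytes": 0})
    for r in parse_rules(listing):
        c = r["comment"]
        key = c[len(prefix):] if c and c.startswith(prefix) else "(uncommented)"
        totals[key]["pkts"] += r["pkts"]
        totals[key]["bytes"] += r["bytes"]
    return dict(totals)


if __name__ == "__main__":
    for origin, t in counters_by_origin(SAMPLE).items():
        print(f"{origin:14} pkts={t['pkts']:>8} bytes={t['bytes']:>10}")
```

On a live host, replace `SAMPLE` with the output of `iptables -L CROWDSEC_CHAIN -v -n -x` (run with sufficient privileges) and feed the per-origin totals to whatever metrics pipeline you use.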

Hey there, yes, I like it with "origin". I updated the PR accordingly, thanks.

verybadsoldier avatar Mar 07 '25 21:03 verybadsoldier