I often use iptables (or ip6tables, the IPv6 version of iptables) to implement firewall rules on my Linux systems.
In earlier times I used a commented bash script to set up the rules after booting, but using Gentoo nowadays there is a nice init script that saves and restores my tables. Using this I stopped commenting the firewall rules, but yesterday I found a very nice solution for this problem.
Iptables has a special "match" for comments. You have to enable it in your kernel config like
    [*] Networking support --->
        Networking options
            [*] Network packet filtering framework (Netfilter) --->
                Core Netfilter Configuration --->
                    -*- Netfilter Xtables support (required for ip_tables)
                    <*> "comment" match support
or as a module.
Then you're able to add rules like
    iptables -A INPUT -m state --state RELATED,ESTABLISHED \
        -m comment --comment "allow all established connections" -j ACCEPT
And if you list your rules you get something like
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow all established connections */
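As an added example (not part of the original post), a small Python script that parses the iptables -L listing format shown above and reports which rules carry no comment, so you can audit that the running ruleset stays documented. It assumes only the /* ... */ form that iptables prints for the comment match; the listing it works on is constructed sample output, not taken from a real host.

```python
import re

# Constructed sample of `iptables -L` output (not captured from a real host).
# Two of the rules deliberately carry no comment match.
SAMPLE_LISTING = """\
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* allow all established connections */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh /* admin ssh from anywhere */
DROP       tcp  --  anywhere             anywhere             tcp dpt:telnet

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
"""

# "Chain INPUT (policy DROP)" for built-in chains, "Chain foo (1 references)" for user chains
CHAIN_RE = re.compile(r"^Chain (\S+) \((.*)\)")
# The comment match is rendered as /* text */ at the end of the rule line
COMMENT_RE = re.compile(r"/\* (.*?) \*/")


def parse_listing(text):
    """Return a list of (chain, rule_number, target, comment_or_None) tuples."""
    rules = []
    chain, number = None, 0
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            chain, number = m.group(1), 0  # new chain: rule numbering restarts
            continue
        if not line.strip() or line.startswith("target"):
            continue  # blank separator or the column header line
        number += 1
        target = line.split()[0]
        cm = COMMENT_RE.search(line)
        rules.append((chain, number, target, cm.group(1) if cm else None))
    return rules


def uncommented_rules(text):
    """Rules without a comment match, i.e. whose purpose is undocumented in the ruleset."""
    return [(c, n, t) for c, n, t, comment in parse_listing(text) if comment is None]


if __name__ == "__main__":
    for chain, num, target in uncommented_rules(SAMPLE_LISTING):
        print(f"{chain} rule {num} ({target}) has no comment")
```

Feed it the real listing with `iptables -L | python3 thisscript.py`-style plumbing (reading stdin instead of SAMPLE_LISTING) to check a live host.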
It's a pity that I never saw this in any iptables tutorials.