Why does `& ~` mean "discard the messages that were matched in the previous line"?

In the webpage iptables log:

Create /etc/rsyslog.d/iptables.conf with the following contents:

:msg, startswith, "iptables: " -/var/log/iptables.log
& ~

The second line means discard the messages that were matched in the previous line.
Why does & ~ mean "discard the messages that were matched in the previous line" in iptables config?

1 Answer

It has nothing to do with bash nor iptables (as your question tags originally suggested). This /etc/rsyslog.d/iptables.conf is a part of rsyslogd config, not iptables config.

& is a part of syntax that rsyslog understands.

It's explained here:

You can have multiple actions for a single selector (or more precisely a single filter of such a selector line). Each action must be on its own line and the line must start with an ampersand (&) character and have no filters. An example would be

*.=crit :omusrmsg:rger
& root
& /var/log/critmsgs

These three lines send critical messages to the user rger and root and also store them in /var/log/critmsgs. Using multiple actions per selector is convenient and also offers a performance benefit.

Then ~ is explained here:

If the discard action is carried out, the received message is immediately discarded. No further processing of it occurs. […] Discard is just the word stop with no further parameters:

stop

For example,

*.* stop

discards everything (ok, you can achieve the same by not running rsyslogd at all…).

Note that in legacy configuration the tilde character ~ can also be used instead of the word stop.

In your case matching messages will be logged to the file, then discarded (not processed further).
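To make the "logged, then discarded, not processed further" behaviour concrete, here is a small model of rsyslog's legacy rule processing (an added example, not rsyslog's own code or the answerer's). It handles only the two filter forms used above, `:msg, startswith, "..."` and the catch-all `*.*`, plus `&` continuation lines and the `~`/`stop` discard action; the sample messages and the trailing `*.* /var/log/syslog` catch-all rule are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample messages, as they would appear in rsyslog's msg property.
SAMPLE_MSGS = [
    "iptables: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=22",
    "sshd[4242]: Accepted publickey for alice from 198.51.100.9 port 50022",
]
# The two lines from the question, followed by a constructed catch-all rule.
CONF_DISCARD = (':msg, startswith, "iptables: " -/var/log/iptables.log\n'
                '& ~\n'
                '*.* /var/log/syslog\n')
CONF_KEEP = CONF_DISCARD.replace("& ~\n", "")   # same rules without the discard line

_PROP_RE = re.compile(r'^:msg,\s*startswith,\s*"([^"]*)"\s+(\S+)$')

def parse_rules(conf):
    """Expand legacy rule lines into (filter, action) pairs; '& action' re-uses the last filter."""
    rules, current = [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("&"):                 # continuation: same filter, another action
            if current is None:
                raise ValueError("'&' with no preceding filter line: %r" % raw)
            rules.append((current, line[1:].strip()))
            continue
        m = _PROP_RE.match(line)
        if m:                                    # property-based filter on the message text
            current, action = ("startswith", m.group(1)), m.group(2)
        elif line.startswith("*.*"):             # catch-all facility.priority selector
            current, action = ("all", None), line[3:].strip()
        else:
            raise ValueError("unsupported legacy rule in this model: %r" % raw)
        rules.append((current, action))
    return rules

def route(conf, msgs):
    """Return {file: [messages]} after running each message through the rules in order."""
    delivered = defaultdict(list)
    for msg in msgs:
        for (kind, arg), action in parse_rules(conf):
            if kind != "all" and not msg.startswith(arg):
                continue
            if action in ("~", "stop"):          # discard: no later rule sees this message
                break
            delivered[action.lstrip("-")].append(msg)  # leading '-' only affects write syncing
    return dict(delivered)
```

With `& ~` in place the iptables line ends up only in iptables.log; remove it and the same line is also written by every later matching rule, here the catch-all into syslog.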
