Não tem nada a ver com bash nem iptables (como sugerido originalmente nas tags de pergunta). Este /etc/rsyslog.d/iptables.conf é uma parte de rsyslogd config, não iptables config.
& é uma parte da sintaxe que rsyslog entende.
É explicado aqui :
You can have multiple actions for a single selector (or more precisely a single filter of such a selector line). Each action must be on its own line and the line must start with an ampersand (
&) character and have no filters. An example would be*.=crit :omusrmsg:rger & root & /var/log/critmsgsThese three lines send critical messages to the user
rgerandrootand also store them in/var/log/critmsgs. Using multiple actions per selector is convenient and also offers a performance benefit.
Então ~ é explicado aqui :
If the discard action is carried out, the received message is immediately discarded. No further processing of it occurs. […] Discard is just the word
stopwith no further parameters:stopFor example,
*.* stopdiscards everything (ok, you can achieve the same by not running
rsyslogdat all…).Note that in legacy configuration the tilde character
~can also be used instead of the wordstop.
No seu caso, as mensagens correspondentes serão registradas no arquivo e descartadas (não processadas posteriormente).