It has nothing to do with bash nor iptables (as your question tags originally suggested). This /etc/rsyslog.d/iptables.conf is a part of rsyslogd config, not iptables config.

& is a part of syntax that rsyslog understands.

It's explained here:

You can have multiple actions for a single selector (or more precisely a single filter of such a selector line). Each action must be on its own line and the line must start with an ampersand (&) character and have no filters. An example would be

*.=crit :omusrmsg:rger
& root
& /var/log/critmsgs

These three lines send critical messages to the user rger and root and also store them in /var/log/critmsgs. Using multiple actions per selector is convenient and also offers a performance benefit.

Then ~ is explained here:

If the discard action is carried out, the received message is immediately discarded. No further processing of it occurs. […] Discard is just the word stop with no further parameters:

stop

For example,

*.*   stop

discards everything (ok, you can achieve the same by not running rsyslogd at all…).

Note that in legacy configuration the tilde character ~ can also be used instead of the word stop.

In your case matching messages will be logged to the file, then discarded (not processed further).