<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - xtables-compat-multi fails to parse comments"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1112">1112</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>xtables-compat-multi fails to parse comments
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>iptables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>CVS (please indicate timestamp)
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Gentoo
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>minor
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>unknown
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>netfilter-buglog@lists.netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>hidekiai@HAI-TechWares.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Either via 'iptables-translate' (standalone) or 'iptables-restore-translate -f'
(both are softlinks to xtables-compat-multi), when '-m comment --comment "some
comment with quotes"' is part of the match rule, the jump verdict is appended
to the ending quote.

For example:
# iptables-translate -A INPUT -p tcp -m tcp --sport http -s 192.168.0.0/16 -d 192.168.0.0/16 -j LONGNACCEPT -m comment --comment "foobar"
nft add rule ip filter INPUT ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment \"foobar\"jump LONGNACCEPT

Note that even without comment with double-quotes (i.e. --comment "foobar"), it
will add quotes:

# iptables-translate -A FORWARD -p tcp -m tcp --sport http -s 192.168.0.0/16 -d 192.168.0.0/16 -j DROP -m comment --comment singlecomment
nft add rule ip filter FORWARD ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment \"singlecomment\"drop

Attempting to apply the translated/generated rule will result in:

# nft add rule ip filter INPUT ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment \"foobar\"jump LONGNACCEPT
&lt;cmdline&gt;:1:111-114: Error: syntax error, unexpected jump, expecting end of file or newline or semicolon
add rule ip filter INPUT ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment "foobar"jump LONGNACCEPT
                                                                                                              ^^^^</pre>
        </div>
      </p>
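      <p>A pre-load check for translated rulesets, as an added example that is not part of the original report or of the iptables project: it flags any rule where text follows the comment string, which is the condition the nft error above rejects. The function names are hypothetical, and comments containing embedded quotes or backslashes are assumed not to occur.</p>
<pre>
```python
import re

# Comment string as iptables-translate prints it: quotes either
# shell-escaped (\"text\") or bare ("text"). Comments that themselves
# contain quotes or backslashes are out of scope for this sketch.
COMMENT_RE = re.compile(r'\bcomment\s+\\?"[^"\\]*\\?"')


def trailing_after_comment(rule):
    """Return the text that follows the comment string, or None.

    Based on the nft error quoted in the report: after the comment the
    parser expects end of file, newline or semicolon, so anything else
    left on the line is reported.
    """
    m = COMMENT_RE.search(rule)
    if m is None:
        return None
    rest = rule[m.end():].strip()
    if rest == "" or rest.startswith(";"):
        return None
    return rest


def lint_translated(lines):
    """Return (line_number, trailing_text) for each line nft would reject."""
    findings = []
    for number, line in enumerate(lines, start=1):
        rest = trailing_after_comment(line)
        if rest is not None:
            findings.append((number, rest))
    return findings


# Lines 1 and 2 are the translator output from the report (mail wrapping
# removed); line 3 is constructed for contrast.
SAMPLE = [
    r'nft add rule ip filter INPUT ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment \"foobar\"jump LONGNACCEPT',
    r'nft add rule ip filter FORWARD ip saddr 192.168.0.0/16 ip daddr 192.168.0.0/16 tcp sport 80 counter comment \"singlecomment\"drop',
    r'nft add rule ip filter FORWARD ip saddr 192.168.0.0/16 tcp sport 80 counter drop comment \"singlecomment\"',
]

if __name__ == "__main__":
    for number, rest in lint_translated(SAMPLE):
        print("line %d: unexpected text after comment: %s" % (number, rest))
```
</pre>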
    </body>
</html>