From c83727b516b0934845fe4611a10cb1b57d38ac58 Mon Sep 17 00:00:00 2001
From: teastep
Date: Wed, 9 May 2007 16:04:15 +0000
Subject: [PATCH] Fix COMMENT rule generation

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@6303 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall-common/releasenotes.txt | 4 ++++
 Shorewall-perl/Shorewall/Chains.pm | 6 ++++++
 2 files changed, 10 insertions(+)
diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt
index 2b37334ca..4b5a690d4 100644
--- a/Shorewall-common/releasenotes.txt
+++ b/Shorewall-common/releasenotes.txt
@@ -50,6 +50,10 @@ Problems corrected in 3.9.7.
 8) The LOGBURST and LOGLIMIT options in shorewall.conf now work correctly
+9) Previously, COMMENT lines could result in invalid iptables-restore
+ input being generated. The quote marks around the comment string
+ were being removed during iptables-restore input generation.
+
 Other changes in Shorewall 3.9.7.
 1) Shorewall-perl now validates all IP addresses and addresses ranges
diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index b4bde3b41..21351026b 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -331,6 +331,12 @@ sub add_rule($$)
 $rule .= " -m comment --comment \"$comment\"" if $comment;
 if ( $chainref->{loopcount} || $chainref->{cmdcount} ) {
+ #
+ # The shell has this wonderful habit of removing quote marks. Certain rule constructs such
+ # as --comment and --log-prefix quote the associated value. The following statement
+ # will add an escape to each double quote in the rule so that when the rule is finally
+ # written to the iptables-input file, it will still have quote marks.
+ #
 $rule =~ s/"/\\"/g;
 add_command $chainref , qq(echo "-A $chainref->{name} $rule" >&3);
 } else {
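Review bot: The comment added above `$rule =~ s/"/\\"/g;` in Chains.pm explains why double quotes are escaped but does not say that they are the only characters handled. The rule is then emitted inside `echo "-A $chainref->{name} $rule" >&3`, where the shell still interprets `$`, backquotes and backslashes within the double-quoted string. In the visible lines `$comment` is appended to `$rule` unmodified, so a COMMENT value containing one of those characters would presumably be expanded or altered when the generated script runs, and one containing a double quote would still produce malformed iptables-restore input in this branch. I would extend the comment with `# Only double quotes are escaped here; '$', backquote and backslash in a quoted value are still interpreted by the shell, so such values must be validated where they are parsed.` and confirm that this validation exists, since it is not visible in the hunk. The body of add_rule starts and ends outside this hunk.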