From 23e94e136c87633f98e32db4e170c67a530b2abc Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 5 Sep 2010 08:17:58 -0700
Subject: [PATCH] Allow COMMENT, SAVE and RESTORE to work correctly in secmarks

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Tc.pm | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Tc.pm b/Shorewall/Perl/Shorewall/Tc.pm
index 579175242..718705b19 100644
--- a/Shorewall/Perl/Shorewall/Tc.pm
+++ b/Shorewall/Perl/Shorewall/Tc.pm
@@ -1373,7 +1373,12 @@ sub setup_traffic_shaping() {
 # Process a record in the secmarks file
 #
 sub process_secmark_rule() {
-    my ( $secmark, $chain, $source, $dest, $proto, $dport, $sport, $mark ) = split_line( 2, 8 , 'Secmarks file' );
+    my ( $secmark, $chain, $source, $dest, $proto, $dport, $sport, $mark ) = split_line1( 2, 8 , 'Secmarks file' );
+
+    if ( $secmark eq 'COMMENT' ) {
+	process_comment;
+	return;
+    }
 
     my %chns = ( T => 'tcpost'  ,
 		 P => 'tcpre'   ,
@@ -1385,8 +1390,8 @@ sub process_secmark_rule() {
 
     fatal_error "Invalid or missing CHAIN ( $chain )" unless $chain1;
 
-    my $target = $mark eq 'SAVE'    ? 'CONNSECMARK --save' :
-	         $mark eq 'RESTORE' ? 'CONNSECMARK --restore' :
+    my $target = $secmark eq 'SAVE'    ? 'CONNSECMARK --save' :
+	         $secmark eq 'RESTORE' ? 'CONNSECMARK --restore' :
 		 "SECMARK --selctx $secmark";
 
     my $disposition = $target;