#4123 iptables comment bug - Debian, 1.590

My config: using '--comment option' and directly editing firewall rules instead of a save file.
Adding a comment works when the comment is 1 word only.
Using multiple words causes the comment to be added as '--comment'.
For instance, I created 2 rules, commented the first with 'Loopback' and the second with "Whitelisted IPs", and here are the results:
-A INPUT -i lo -m comment --comment Loopback -j ACCEPT
-A INPUT -m comment --comment --comment -j White-IP
After this happens, the mangled 'double --comment' comments are not shown in the UI, and the rule cannot be edited again in the UI.
I end up having to 'iptables-save > tmp', then edit the tmp file, then 'iptables-restore < tmp' to fix the problems.


    Do you see this save bug if updating an iptables save file, instead of editing rules directly?

    BTW, when editing live rules with Webmin 1.590 on CentOS 6.3, I wasn't able to reproduce this issue.

    When you entered the command, did you enter any " or ' character?

  • When using a save file, the comment gets added properly for that entry, in a different order on the line:
    -A INPUT -m comment -j White-IP --comment "Whitelisted IPs"
    However, when doing it that way, it ruins the rest of the file by creating 'blank' comments that aren't compatible with 'iptables-restore':
    iptables-restore v1.4.14: option "--comment" requires an argument
    The line causing that error is the one right after the White-IP chain:
    -A INPUT -m comment -j Black-IP --comment

  • I never used any quoting characters, just ASCII letters and spaces from an American qwerty 104-key keyboard.

    So editing a rule causes the *previous* rule to get a --comment flag with no value? Did you perhaps create a comment that contained only spaces? Because I just noticed that Webmin doesn't handle that case properly.
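The three failure modes in this thread (a multi-word comment collapsing into `--comment --comment`, a trailing `--comment` with no value that `iptables-restore` rejects, and a whitespace-only comment) all come down to the comment string being handled as shell words rather than as one argument. The following is an added example, not Webmin's code or anything posted above: it builds the rule as an argv list so the comment stays a single argument, serializes it with the double-quote style `iptables-save` emits, and scans a saved ruleset for the two mangled shapes before it is handed to `iptables-restore`. The sample save text is constructed from the rule lines quoted in the report; `XT_MAX_COMMENT_LEN` is the kernel's comment buffer size, and the other names are this example's own.

```python
"""Build iptables --comment rules safely and detect mangled comments in
iptables-save output.  Added example for this bug thread; not Webmin code."""
import shlex

# Kernel buffer size for the comment match; userspace rejects values >= this.
XT_MAX_COMMENT_LEN = 256


def build_comment_rule(chain, target, comment, in_iface=None):
    """Return an argv list (for subprocess/execve, never a shell string) in
    which the comment is exactly one argument, however many words it has."""
    if not comment.strip():
        # A blank or whitespace-only comment is the case the last reply mentions;
        # refuse it up front instead of emitting a bare --comment.
        raise ValueError("comment must contain a non-whitespace character")
    if len(comment.encode("utf-8")) >= XT_MAX_COMMENT_LEN:
        raise ValueError("comment too long for the xt_comment match")
    argv = ["-A", chain]
    if in_iface:
        argv += ["-i", in_iface]
    argv += ["-m", "comment", "--comment", comment, "-j", target]
    return argv


def quote_save_arg(arg):
    """Quote one argument the way iptables-save prints it: double quotes when
    the value contains whitespace or quote characters, backslash escapes inside."""
    if arg and not any(c.isspace() or c in '"\\\'' for c in arg):
        return arg
    return '"' + arg.replace("\\", "\\\\").replace('"', '\\"') + '"'


def rule_to_save_line(argv):
    """Serialize an argv list into one iptables-save rule line."""
    return " ".join(quote_save_arg(a) for a in argv)


def find_comment_defects(save_text):
    """Scan iptables-save text and return (line_no, reason) for every rule
    whose --comment has no value or whose value is itself an option, i.e. the
    two shapes reported in the thread.  Run this before iptables-restore."""
    defects = []
    for n, line in enumerate(save_text.splitlines(), 1):
        if not line.startswith("-A "):
            continue
        try:
            toks = shlex.split(line)  # honours the "..." quoting iptables-save emits
        except ValueError as exc:
            defects.append((n, f"unbalanced quoting: {exc}"))
            continue
        i = 0
        while i < len(toks):
            if toks[i] == "--comment":
                if i + 1 >= len(toks):
                    defects.append((n, "--comment at end of line: missing value"))
                elif toks[i + 1].startswith("-"):
                    defects.append((n, f"--comment value looks like an option: {toks[i + 1]!r}"))
                i += 2  # skip the (possibly bogus) value
            else:
                i += 1
    return defects


# Constructed sample: the rule lines quoted in the report, in save-file form.
SAMPLE_SAVE = """\
*filter
-A INPUT -i lo -m comment --comment Loopback -j ACCEPT
-A INPUT -m comment --comment --comment -j White-IP
-A INPUT -m comment -j White-IP --comment "Whitelisted IPs"
-A INPUT -m comment -j Black-IP --comment
COMMIT
"""

if __name__ == "__main__":
    print(rule_to_save_line(build_comment_rule("INPUT", "White-IP", "Whitelisted IPs")))
    for line_no, reason in find_comment_defects(SAMPLE_SAVE):
        print(f"line {line_no}: {reason}")
```

Passing the argv list straight to `iptables` (for example via `subprocess.run`) avoids the re-splitting entirely; the quoting helper is only needed when the rule has to round-trip through a save file, and the scanner gives a cheap pre-flight check that would have caught the `option "--comment" requires an argument` failure before `iptables-restore` did.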