If quotes are escaped, nft -f is unable to parse and load the translated ruleset. Signed-off-by: Pablo M. Bermudo Garay <pablombg@xxxxxxxxx> --- Changes in v3: - Add a new field to the iptables_command_state struct instead of propagate 'bool restore' argument. iptables/xshared.h | 1 + iptables/xtables-translate.c | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/iptables/xshared.h b/iptables/xshared.h index 6eb8eb8..18b1cf3 100644 --- a/iptables/xshared.h +++ b/iptables/xshared.h @@ -63,6 +63,7 @@ struct iptables_command_state { int proto_used; const char *jumpto; char **argv; + bool restore; }; typedef int (*mainfunc_t)(int, char **); diff --git a/iptables/xtables-translate.c b/iptables/xtables-translate.c index 3c577ed..689533f 100644 --- a/iptables/xtables-translate.c +++ b/iptables/xtables-translate.c @@ -70,7 +70,7 @@ int xlate_action(const struct iptables_command_state *cs, bool goto_set, .ip = (const void *)&cs->fw, .target = cs->target->t, .numeric = numeric, - .escape_quotes = true, + .escape_quotes = !cs->restore, }; ret = cs->target->xlate(xl, ¶ms); } @@ -97,7 +97,7 @@ int xlate_matches(const struct iptables_command_state *cs, struct xt_xlate *xl) .ip = (const void *)&cs->fw, .match = matchp->match->m, .numeric = numeric, - .escape_quotes = true, + .escape_quotes = !cs->restore, }; if (!matchp->match->xlate) @@ -226,6 +226,8 @@ static int do_command_xlate(struct nft_handle *h, int argc, char *argv[], do_parse(h, argc, argv, &p, &cs, &args); + cs.restore = restore; + if (!restore) printf("nft "); -- 2.9.3 -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html