Phil Sutter <phil@xxxxxx> wrote: > Xtables-restore tries to reject rule commands in input which contain a > --table parameter (since it is adding this itself based on the previous > table line). Sadly getopt_long's flexibility makes it hard to get this > check right: Since the last fix, comments starting with a dash and > containing a 't' character somewhere later were rejected. Simple > example: > > | *filter > | -A FORWARD -m comment --comment "- allow this one" -j ACCEPT > | COMMIT > > To hopefully sort this once and for all, introduce is_table_param() > which should cover all possible variants of legal and illegal > parameters. Also add a test to make sure it does what it is supposed to. Thanks for adding a test for this. How did you generate it? The added code is pure voodoo magic to me, so I wonder if we can just remove the 'test for -t in iptables-restore files' code.
