summaryrefslogtreecommitdiffstats
path: root/iptables
diff options
context:
space:
mode:
Diffstat (limited to 'iptables')
-rw-r--r--iptables/nft-ipv4.c5
-rw-r--r--iptables/nft-ipv6.c5
2 files changed, 10 insertions, 0 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 5e2857d3..cf985b73 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -432,6 +432,7 @@ static void nft_ipv4_save_counters(const void *data)
static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
{
const struct iptables_command_state *cs = data;
+ const char *comment;
int ret;
if (cs->fw.ip.iniface[0] != '\0') {
@@ -484,6 +485,10 @@ static int nft_ipv4_xlate(const void *data, struct xt_xlate *xl)
/* Always add counters per rule, as in iptables */
xt_xlate_add(xl, "counter ");
+ comment = xt_xlate_get_comment(xl);
+ if (comment)
+ xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+
ret = xlate_action(cs, !!(cs->fw.ip.flags & IPT_F_GOTO), xl);
return ret;
diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 0ee79575..92d37a02 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -392,6 +392,7 @@ static void xlate_ipv6_addr(const char *selector, const struct in6_addr *addr,
static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
{
const struct iptables_command_state *cs = data;
+ const char *comment;
int ret;
if (cs->fw6.ipv6.iniface[0] != '\0') {
@@ -435,6 +436,10 @@ static int nft_ipv6_xlate(const void *data, struct xt_xlate *xl)
/* Always add counters per rule, as in iptables */
xt_xlate_add(xl, "counter ");
+ comment = xt_xlate_get_comment(xl);
+ if (comment)
+ xt_xlate_add(xl, "comment \\\"%s\\\" ", comment);
+
ret = xlate_action(cs, !!(cs->fw6.ipv6.flags & IP6T_F_GOTO), xl);
return ret;