From 7a9e72881cdd242c6d2799fe3748bb40f2ec37f5 Mon Sep 17 00:00:00 2001
From: Brielle
Date: Sat, 29 Nov 2014 12:40:12 -0700
Subject: [PATCH] Looks like we don't need quotes since its at the end of the options
---
 etc/ipv4/acl.conf | 5 ++---
 etc/ipv4/forward.conf | 3 +--
 etc/ipv4/nat.conf | 1 -
 etc/ipv6/acl.conf | 3 +--
 etc/ipv6/forward.conf | 3 +--
 etc/ipv6/nat.conf | 2 +-
 lib/iptables.inc | 1 -
 7 files changed, 6 insertions(+), 12 deletions(-)
diff --git a/etc/ipv4/acl.conf b/etc/ipv4/acl.conf
index 2a9655d..abfc13c 100644
--- a/etc/ipv4/acl.conf
+++ b/etc/ipv4/acl.conf
@@ -15,12 +15,11 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
-
+#
 # You can use '-' for optional fields
 #============================================================
 #
 #IN ACCEPT eth0 10.0.0.1 22 - - tcp -
 #IN DROP - - - - 22 tcp syn
-#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 192.168.0.0/24 - 192.168.1.0/24 - - - -m policy --dir in --pol ipsec --proto esp
diff --git a/etc/ipv4/forward.conf b/etc/ipv4/forward.conf
index b42da87..90f60cf 100644
--- a/etc/ipv4/forward.conf
+++ b/etc/ipv4/forward.conf
@@ -18,7 +18,6 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
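Review bot: The Custom field's header comment now drops the quoting rule without saying what replaces it: nothing in the hunk tells a reader that Custom must be the last field on the line or that its words are handed to iptables one by one, which the commit message and the unquoted `${custom}` expansion in the lib/iptables.inc hunk imply. Suggest rewording the `# Custom:` line to `# Custom: Optional, must be the last field; everything to end of line is passed to iptables as separate arguments (no quotes needed)`. The removed `(must surround with quotes)` line in the ipv4/forward.conf, ipv4/nat.conf, ipv6/acl.conf, ipv6/forward.conf and ipv6/nat.conf hunks leaves the same gap, so the wording should be mirrored there. A rule line that still carries the old quotes would presumably now reach iptables with literal quote characters on its first and last word, so a short note that quotes are passed through verbatim would save users of existing configs from a confusing iptables error.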
@@ -27,6 +26,6 @@
 #DROP eth1 192.168.2.0/24 eth0 0/0 no
 #DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
 #ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
-#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp
diff --git a/etc/ipv4/nat.conf b/etc/ipv4/nat.conf
index 6e674d9..f8d58e9 100644
--- a/etc/ipv4/nat.conf
+++ b/etc/ipv4/nat.conf
@@ -10,7 +10,6 @@
 # Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
 # Destination Address: Required for all but MASQ ( IP address with optional netmask )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
 # You can use '-' for optional fields
 #============================================================
 #
diff --git a/etc/ipv6/acl.conf b/etc/ipv6/acl.conf
index 528c997..485f7f2 100644
--- a/etc/ipv6/acl.conf
+++ b/etc/ipv6/acl.conf
@@ -15,11 +15,10 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
 #
 #IN ACCEPT eth0 2002:dead:beef::/64 22 - - tcp -
 #IN DROP - - - - 22 tcp syn
-#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - "-m policy --dir in --pol ipsec --proto esp"
+#IN ACCEPT eth0 2002:dead:beef::/64 - 2002:dead:bfff::/64 - - - -m policy --dir in --pol ipsec --proto esp
diff --git a/etc/ipv6/forward.conf b/etc/ipv6/forward.conf
index f39fe19..8a0d3ef 100644
--- a/etc/ipv6/forward.conf
+++ b/etc/ipv6/forward.conf
@@ -18,7 +18,6 @@
 # Syn: Optional, only match (not) syn packets (syn | notsyn )
 # State: Optional, set the connection tracking states ( comma separated list )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
 #
 # You can use '-' for optional fields
 #============================================================
@@ -27,4 +26,4 @@
 #DROP eth1 2002::/64 eth0 2001::/3 no
 #DROP eth0 2001::/3 eth1 2002:dead:beef::/64 no - 1:1024 tcp syn
 #ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
-#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - "-m policy --dir in --pol ipsec --proto esp"
\ No newline at end of file
+#IN ACCEPT eth0 2002:dead:beef::/64 eth1 2002:dead:bfff::/64 yes - - - - - -m policy --dir in --pol ipsec --proto esp
diff --git a/etc/ipv6/nat.conf b/etc/ipv6/nat.conf
index 676b05f..75243ed 100644
--- a/etc/ipv6/nat.conf
+++ b/etc/ipv6/nat.conf
@@ -10,7 +10,7 @@
 # Destination Interface: Optional for all but MASQ ( interface name, aka eth0 )
 # Destination Address: Required for all but MASQ ( IP address with optional netmask )
 # Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
-# (must surround with quotes)
+#
 # You can use '-' for optional fields
 #============================================================
 #
diff --git a/lib/iptables.inc b/lib/iptables.inc
index 60ddd34..acd8173 100644
--- a/lib/iptables.inc
+++ b/lib/iptables.inc
@@ -486,7 +486,6 @@ function enable_nat {
 [[ ${srcaddress} == "-" ]] && srcaddress=""
 [[ ${custom} == "-" ]] && custom=""
- ${VER_IPTABLES} -A ${NAT} -t nat ${srcaddress} ${action} ${dstinterface} ${dstaddress} ${custom}
 #${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED,NEW ${srcinterface} ${srcaddress} ${dstinterface} -j ACCEPT
 #${VER_IPTABLES} -A ${FwdFilter} ${M_STATE} ${C_STATE} RELATED,ESTABLISHED ${revsrcinterface} ${revsrcaddress} ${revdstinterface} -j ACCEPT