Bug 37939

From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)


iptables-save puts double quotes around the argument to "--log-prefix". 
When iptables-restore reinstalls a saved rule, it leaves the double quotes
in place.  Multiple rounds of save/restore accumulate additional extra
quotes.

Reproducible: Always
Steps to Reproduce:
1. Clear out all iptables rules, just to make sure we have a clean slate:

     # service iptables stop

2. Create any rule that jumps to the LOG target, and uses a log file
prefix:

    # iptables -A FORWARD -j LOG --log-prefix forwarded:

3. Save and reload the rules.  Do it several times in succession for
maximum effect:

    # service iptables save
    # service iptables restart
    # service iptables save
    # service iptables restart
    # service iptables save
    # service iptables restart
    # service iptables save
    # service iptables restart

4. List the current rules:

    # iptables -L FORWARD

Actual Results:  Extra sets of double quotes, one for each save/restore
pair:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level
warning prefix `""""forwarded:""""' 


Expected Results:  No extra double quotes:

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
LOG        all  --  anywhere             anywhere           LOG level
warning prefix `forwarded:' 


Bug #37938 describes a related issue, whereby iptables-restore improperly
handles spaces in the quoted log-prefix argument.  I'm filing these as
distinct issues just to keep everything clear, but it is entirely possible
that both bugs are caused by the same incorrect rule parsing code in
iptables-restore.