Red Hat Bugzilla – Bug 36418
iptables-restore can't handle --log-prefix
Last modified: 2007-04-18 12:32:42 EDT
From Bugzilla Helper: User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.3 i686; Nav) The iptables-restore command does not properly handle the --log-prefix command with the LOG target. Specifically, iptables-save adds double-quote marks around the output (which it should), but iptables-restore is unable to handle these double-quote marks properly. It chokes when spaces are contained in the quoted text, and even when spaces are not present it improperly adds the double-quotes as literals in the log message. This effectively breaks the /etc/sysconfig/iptables setup when logging is desired. Reproducible: Always Steps to Reproduce: $ iptables -A INPUT -j LOG --log-prefix "a b c" $ iptables-save > foo $ iptables-restore < foo Bad argument `b' Try `iptables-restore -h' or 'iptables-restore --help' for more information. Also: $ iptables -A INPUT -j LOG --log-prefix "a_b_c" $ iptables-save > foo $ iptables-restore < foo Results in log: (the log prefix should not be in quotes) Apr 18 01:00:19 ohio kernel: "a_b_c"IN=lo OUT= MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 DST=127.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=ICMP TYPE=0 CODE=0 ID=36155 SEQ=256
This is a duplicate of 37939 and 37938. (Or they are duplicates of this. Whatever.) It is reportedly fixed in iptables 1.2.2-1
*** This bug has been marked as a duplicate of 37938 ***