Bug 37938 - iptables-restore fails when "--log-prefix" argument has spaces
Summary: iptables-restore fails when "--log-prefix" argument has spaces
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: iptables   
(Show other bugs)
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: David Lawrence
: 36418 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2001-04-26 23:27 UTC by Ben Liblit
Modified: 2007-04-18 16:32 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2001-04-26 23:46:39 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ben Liblit 2001-04-26 23:27:09 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)

When a saved iptables rule uses "--log-prefix" and the prefix string
contains spaces, iptables-restore reports an error and fails to restore the
rule properly.

Reproducible: Always
Steps to Reproduce:
1. Clear out all iptables rules, just to make sure we have a clean slate:

    # service iptables stop

2. Create any rule that jumps to the LOG target, and uses a log file prefix
containing spaces:

    # iptables -A FORWARD -j LOG --log-prefix 'forwarded packet:'

3. Save and then restore the iptables rules:

    # service iptables save
    # service iptables restart

Actual Results:  Observe the following output from the "restart" command:

    Flushing all current rules and user defined chains:        [  OK  ]
    Clearing all current rules and user defined chains:        [  OK  ]
    Applying iptables firewall rules:                          [  OK  ]
    Bad argument `packet:"'
    Try `iptables-restore -h' or 'iptables-restore --help' for more

Expected Results:  The "restart" command should have completed without
error, and the logging rule should have been properly restored:

    # iptables -L FORWARD
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere           LOG level
warning prefix `forwarded packet:' 

The saved rule in /etc/sysconfig/iptables puts the log prefix inside double
quotes, which seems sensible.  This suggests that iptables-save is doing
the right thing, and that the bug is in iptables-restore.

Comment 1 Ben Liblit 2001-04-26 23:46:35 UTC
Bug #37939 describes a related issue, whereby iptables-restore improperly adds
superfluous double quotes around the "log-prefix" argument.  I'm filing these as
distinct issues just to keep everything clear, but it is entirely possible that
both bugs are caused by the same incorrect rule parsing code in

Comment 2 Bernhard Rosenkraenzer 2001-05-09 11:08:10 UTC
Fixed in 1.2.2-1

Comment 3 Bernhard Rosenkraenzer 2001-05-22 17:09:55 UTC
*** Bug 36418 has been marked as a duplicate of this bug. ***

Comment 4 Brian Rozmierski 2001-07-07 19:58:09 UTC
Will there be a RH7.1 errata for the iptable problems?

Note You need to log in before you can comment on or make changes to this bug.