Bug 37938 - iptables-restore fails when "--log-prefix" argument has spaces
iptables-restore fails when "--log-prefix" argument has spaces
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: iptables (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bernhard Rosenkraenzer
David Lawrence
:
: 36418 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-26 19:27 EDT by Ben Liblit
Modified: 2007-04-18 12:32 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-04-26 19:46:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ben Liblit 2001-04-26 19:27:09 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)


When a saved iptables rule uses "--log-prefix" and the prefix string
contains spaces, iptables-restore reports an error and fails to restore the
rule properly.

Reproducible: Always
Steps to Reproduce:
1. Clear out all iptables rules, just to make sure we have a clean slate:

    # service iptables stop

2. Create any rule that jumps to the LOG target, and uses a log file prefix
containing spaces:

    # iptables -A FORWARD -j LOG --log-prefix 'forwarded packet:'

3. Save and then restore the iptables rules:

    # service iptables save
    # service iptables restart

Actual Results:  Observe the following output from the "restart" command:

    Flushing all current rules and user defined chains:        [  OK  ]
    Clearing all current rules and user defined chains:        [  OK  ]
    Applying iptables firewall rules:                          [  OK  ]
    Bad argument `packet:"'
    Try `iptables-restore -h' or 'iptables-restore --help' for more
information.
                                                               [FAILED]


Expected Results:  The "restart" command should have completed without
error, and the logging rule should have been properly restored:

    # iptables -L FORWARD
    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination         
    LOG        all  --  anywhere             anywhere           LOG level
warning prefix `forwarded packet:' 


The saved rule in /etc/sysconfig/iptables puts the log prefix inside double
quotes, which seems sensible.  This suggests that iptables-save is doing
the right thing, and that the bug is in iptables-restore.
Comment 1 Ben Liblit 2001-04-26 19:46:35 EDT
Bug #37939 describes a related issue, whereby iptables-restore improperly adds
superfluous double quotes around the "log-prefix" argument.  I'm filing these as
distinct issues just to keep everything clear, but it is entirely possible that
both bugs are caused by the same incorrect rule parsing code in
iptables-restore.
Comment 2 Bernhard Rosenkraenzer 2001-05-09 07:08:10 EDT
Fixed in 1.2.2-1
Comment 3 Bernhard Rosenkraenzer 2001-05-22 13:09:55 EDT
*** Bug 36418 has been marked as a duplicate of this bug. ***
Comment 4 Brian Rozmierski 2001-07-07 15:58:09 EDT
Will there be a RH7.1 errata for the iptable problems?

Note You need to log in before you can comment on or make changes to this bug.