From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)

When a saved iptables rule uses "--log-prefix" and the prefix string contains spaces, iptables-restore reports an error and fails to restore the rule properly.

Reproducible: Always

Steps to Reproduce:
1. Clear out all iptables rules, just to make sure we have a clean slate:
   # service iptables stop
2. Create any rule that jumps to the LOG target, and uses a log file prefix containing spaces:
   # iptables -A FORWARD -j LOG --log-prefix 'forwarded packet:'
3. Save and then restore the iptables rules:
   # service iptables save
   # service iptables restart

Actual Results:
Observe the following output from the "restart" command:

   Flushing all current rules and user defined chains: [ OK ]
   Clearing all current rules and user defined chains: [ OK ]
   Applying iptables firewall rules: [ OK ]
   Bad argument `packet:"'
   Try `iptables-restore -h' or 'iptables-restore --help' for more information.
   [FAILED]

Expected Results:
The "restart" command should have completed without error, and the logging rule should have been properly restored:

   # iptables -L FORWARD
   Chain FORWARD (policy ACCEPT)
   target prot opt source destination
   LOG all -- anywhere anywhere LOG level warning prefix `forwarded packet:'

The saved rule in /etc/sysconfig/iptables puts the log prefix inside double quotes, which seems sensible. This suggests that iptables-save is doing the right thing, and that the bug is in iptables-restore.
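The failure mode reported above, as an added example that is not part of the original report and is not taken from the iptables source: splitting a saved rule line on whitespace alone yields the stray token `packet:"` seen in the error message, while a quote-aware split keeps the prefix whole. The function names, the MAX_ARGS limit and the sample rule line are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 32

/* Whitespace-only split: a quoted prefix containing a space becomes two tokens. */
int split_naive(char *line, char *argv[], int max)
{
    int argc = 0;
    for (char *t = strtok(line, " \t\n"); t && argc < max; t = strtok(NULL, " \t\n"))
        argv[argc++] = t;
    return argc;
}

/* Quote-aware split in place: "..." stays one token; -1 on bad quoting or overflow. */
int split_quoted(char *line, char *argv[], int max)
{
    int argc = 0, in_quote = 0;
    char *dst = line, *start = NULL;
    for (char *src = line;; src++) {
        char c = *src;
        if (c == '"') {                      /* toggle quoting, drop the quote */
            in_quote = !in_quote;
            if (!start) start = dst;         /* "" is a valid empty token */
        } else if (c == '\0' || (!in_quote && isspace((unsigned char)c))) {
            if (start) {                     /* end of the current token */
                if (argc == max) return -1;
                *dst++ = '\0';
                argv[argc++] = start;
                start = NULL;
            }
            if (c == '\0') break;
        } else {
            if (!start) start = dst;
            *dst++ = c;                      /* dst never passes src */
        }
    }
    return in_quote ? -1 : argc;
}

int main(void)
{
    /* Constructed sample of a saved rule line, modelled on the report. */
    char a[] = "-A FORWARD -j LOG --log-prefix \"forwarded packet:\"";
    char b[sizeof a], *av[MAX_ARGS];
    memcpy(b, a, sizeof a);
    printf("naive:  %d tokens\n", split_naive(a, av, MAX_ARGS));
    printf("quoted: %d tokens\n", split_quoted(b, av, MAX_ARGS));
    return 0;
}
```

A restore path that rejects unbalanced quotes outright, as split_quoted does, fails closed before any rule is loaded.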
Bug #37939 describes a related issue, whereby iptables-restore improperly adds superfluous double quotes around the "log-prefix" argument. I'm filing these as distinct issues just to keep everything clear, but it is entirely possible that both bugs are caused by the same incorrect rule parsing code in iptables-restore.
Fixed in 1.2.2-1
*** Bug 36418 has been marked as a duplicate of this bug. ***
Will there be a RH7.1 errata for the iptable problems?