Red Hat Bugzilla – Bug 37938
iptables-restore fails when "--log-prefix" argument has spaces
Last modified: 2007-04-18 12:32:52 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)
When a saved iptables rule uses "--log-prefix" and the prefix string
contains spaces, iptables-restore reports an error and fails to restore the
Steps to Reproduce:
1. Clear out all iptables rules, just to make sure we have a clean slate:
# service iptables stop
2. Create any rule that jumps to the LOG target, and uses a log file prefix
# iptables -A FORWARD -j LOG --log-prefix 'forwarded packet:'
3. Save and then restore the iptables rules:
# service iptables save
# service iptables restart
Actual Results: Observe the following output from the "restart" command:
Flushing all current rules and user defined chains: [ OK ]
Clearing all current rules and user defined chains: [ OK ]
Applying iptables firewall rules: [ OK ]
Bad argument `packet:"'
Try `iptables-restore -h' or 'iptables-restore --help' for more
Expected Results: The "restart" command should have completed without
error, and the logging rule should have been properly restored:
# iptables -L FORWARD
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning prefix `forwarded packet:'
The saved rule in /etc/sysconfig/iptables puts the log prefix inside double
quotes, which seems sensible. This suggests that iptables-save is doing
the right thing, and that the bug is in iptables-restore.
Bug #37939 describes a related issue, whereby iptables-restore improperly adds
superfluous double quotes around the "log-prefix" argument. I'm filing these as
distinct issues just to keep everything clear, but it is entirely possible that
both bugs are caused by the same incorrect rule parsing code in
Fixed in 1.2.2-1
*** Bug 36418 has been marked as a duplicate of this bug. ***
Will there be a RH7.1 errata for the iptables problems?
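
The failure reported above, shown as an added example (not iptables source code, and not a claim about how iptables-restore was actually implemented): splitting a saved rule on whitespace alone yields a stray final argument like the one in the error message, while a quote-aware split keeps the prefix whole. The sample line, MAX_ARGS, split_naive and split_quoted are constructed for this illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define MAX_ARGS 32
/* Constructed sample: the rule from the report, prefix in double quotes. */
#define SAMPLE "-A FORWARD -j LOG --log-prefix \"forwarded packet:\""

/* Naive split: any whitespace ends an argument; quotes are ordinary bytes. */
static int split_naive(char *line, char **argv, int max)
{
    int argc = 0;
    for (char *t = strtok(line, " \t\n"); t && argc < max; t = strtok(NULL, " \t\n"))
        argv[argc++] = t;
    return argc;
}

/* Quote-aware split: whitespace inside double quotes stays in the argument and
 * the quotes are dropped. Compacts line in place. Returns the argument count,
 * or -1 on an unterminated quote or more than max arguments. */
static int split_quoted(char *line, char **argv, int max)
{
    int argc = 0, in_quote = 0, in_arg = 0;
    char *out = line;                        /* write cursor, never ahead of in */
    for (char *in = line;; in++) {
        char c = *in;
        if (c == '\0' || (!in_quote && isspace((unsigned char)c))) {
            if (in_arg) { *out++ = '\0'; in_arg = 0; }
            if (c == '\0') break;
            continue;
        }
        if (!in_arg) {                       /* first byte of a new argument */
            if (argc == max) return -1;
            argv[argc++] = out;
            in_arg = 1;
        }
        if (c == '"') in_quote = !in_quote;  /* toggle; the quote is not copied */
        else *out++ = c;
    }
    return in_quote ? -1 : argc;
}

int main(void)
{
    char a[] = SAMPLE, b[] = SAMPLE, *av[MAX_ARGS];
    int n = split_naive(a, av, MAX_ARGS);
    printf("naive:  %d args, last = [%s]\n", n, av[n - 1]);
    n = split_quoted(b, av, MAX_ARGS);
    printf("quoted: %d args, last = [%s]\n", n, av[n - 1]);
    return 0;
}
```

Rejecting an unterminated quote with -1, rather than guessing where the argument ends, keeps a damaged save file from loading as a different rule set than the one that was saved.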