From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686) iptables-save puts double quotes around the argument to "--log-prefix". When iptables-restore reinstalls a saved rule, it leaves the double quotes in place. Multiple rounds of save/restore accumulate additional extra quotes. Reproducible: Always Steps to Reproduce: 1. Clear out all iptables rules, just to make sure we have a clean slate: # service iptables stop 2. Create any rule that jumps to the LOG target, and uses a log file prefix: # iptables -A FORWARD -j LOG --log-prefix forwarded: 3. Save and reload the rules. Do it several times in succession for maximum effect: # service iptables save # service iptables restart # service iptables save # service iptables restart # service iptables save # service iptables restart # service iptables save # service iptables restart 4. List the current rules: # iptables -L FORWARD Actual Results: Extra sets of double quotes, one for each save/restore pair: Chain FORWARD (policy ACCEPT) target prot opt source destination LOG all -- anywhere anywhere LOG level warning prefix `""""forwarded:""""' Expected Results: No extra double quotes: Chain FORWARD (policy ACCEPT) target prot opt source destination LOG all -- anywhere anywhere LOG level warning prefix `forwarded:' Bug #37938 describes a related issue, whereby iptables-restore improperly handles spaces in the quoted log-prefix argument. I'm filing these as distinct issues just to keep everything clear, but it is entirely possible that both bugs are caused by the same incorrect rule parsing code in iptables-restore.
Fixed in 1.2.2-1