Bug 52550 - iptables-save/iptables-restore messes up the --log-prefix
Status: CLOSED DUPLICATE of bug 51078
Product: Red Hat Linux
Classification: Retired
Component: iptables
Version: 7.1
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assignee: Bernhard Rosenkraenzer
Reported: 2001-08-24 22:50 UTC by Tommy McNeely
Modified: 2008-05-01 15:38 UTC (History)
Doc Type: Bug Fix
Last Closed: 2001-08-25 01:56:59 UTC

Description Tommy McNeely 2001-08-24 22:50:44 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76C-CCK-MCD Netscape [en] (X11; U; SunOS 5.8 sun4u)

Description of problem:
When using iptables-save and iptables-restore with a --log-prefix, the
prefix will continually get put in more and more quote marks...

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. iptables -A MyDROP -m limit --limit 5/min -j LOG --log-prefix "DROPPED:"
2. /etc/init.d/iptables save
3. /etc/init.d/iptables start

(repeat steps 2 and 3 as you are testing/building a firewall)
	

Actual Results:  limit: avg 5/min burst 5 LOG level warning prefix `""DROPPED:""'


Expected Results:  limit: avg 5/min burst 5 LOG level warning prefix "DROPPED:"

Additional info:

iptables-save and/or iptables-restore seem to mess up the --log-prefix by
adding nested quotes (single when it restores on the outside)

[root@stan sysconfig]# tail /etc/sysconfig/iptables
[0:0] -A AlwaysDrop -s 10.0.0.0/255.0.0.0 -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s 172.16.0.0/255.240.0.0 -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s 192.168.0.0/255.255.0.0 -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s 224.0.0.0/255.0.0.0 -i eth1 -j MyDROP 
[0:0] -A MyDROP -m limit --limit 5/min -j LOG --log-prefix ""DROPPED:"" 
[0:0] -A MyDROP -j DROP 
[7:456] -A MyREJECT -m limit --limit 5/min -j LOG --log-prefix ""REJECTED:"" 
[7:456] -A MyREJECT -j REJECT --reject-with icmp-proto-unreachable 
COMMIT
# Completed on Fri Aug 24 16:59:28 2001
[root@stan sysconfig]# 

Note: I am using a MyDROP rule to log and drop, but I have tried it
directly in the INPUT as well.

so it looks like save puts double quotes.. and restore puts a single quote
around the whole thing.. it makes for some funny looking logfiles after
about 10 times :)

Please note that Bug # 51078 (for RHL 7.1) also breaks this version...
iptables-save/restore cannot handle spaces in the log-prefix either.
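
An added example, not part of the original report or of iptables itself: a shell check that scans a saved ruleset for --log-prefix values wrapped in two or more layers of double quotes, the pattern visible in the /etc/sysconfig/iptables listing above. The function name scan_log_prefix and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# scan_log_prefix FILE
# Report --log-prefix values in an iptables-save file that are wrapped in two
# or more layers of double quotes, the pattern shown in this bug report.
# Prints "line N: depth D: PREFIX"; returns 1 if any were found, else 0.
scan_log_prefix() {
    awk '
    {
        pos = index($0, "--log-prefix ")
        if (pos == 0) next
        val = substr($0, pos + length("--log-prefix "))
        # Count the run of double quotes that opens the value.
        depth = 0
        while (substr(val, depth + 1, 1) == "\"") depth++
        rest = substr(val, depth + 1)
        # Depth 0 or 1 is a normal value; quotes followed by nothing or by
        # whitespace are an empty prefix, not a nested one.
        if (depth < 2 || rest == "" || rest ~ /^[ \t]/) next
        # The value ends at the matching run of closing quotes, so options
        # that follow the prefix on the same line are not swallowed.
        closer = ""
        for (i = 0; i < depth; i++) closer = closer "\""
        cut = index(rest, closer)
        if (cut > 0) rest = substr(rest, 1, cut - 1)
        printf "line %d: depth %d: %s\n", NR, depth, rest
        found = 1
    }
    END { exit found + 0 }
    ' "$1"
}

# Constructed sample: the two LOG rules as listed in the report, one DROP
# rule, and one cleanly quoted LOG rule (the last line is not from the report).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[0:0] -A MyDROP -m limit --limit 5/min -j LOG --log-prefix ""DROPPED:"" 
[0:0] -A MyDROP -j DROP 
[7:456] -A MyREJECT -m limit --limit 5/min -j LOG --log-prefix ""REJECTED:"" 
[0:0] -A INPUT -j LOG --log-prefix "CLEAN:" 
EOF
scan_log_prefix "$sample" || echo "nested quotes found in saved ruleset"
rm -f "$sample"
```

Running it against a saved ruleset after each save/start cycle shows whether the quote depth is growing, which matters if log parsing or alerting keys on the exact prefix text.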

Comment 1 Tommy McNeely 2001-08-25 01:44:40 UTC
um.. let's file this as imma dumbass... I forgot my firewall machine is 7.1
still...  :(

These scripts work fine in roswell2

Works fine on this one
----------------
[root@kyle root]# rpm -q iptables
iptables-1.2.2-3
[root@kyle root]# cat /etc/redhat-release 
Red Hat Linux release 7.1.94 (Roswell)
[root@kyle root]# 


Doesn't work on this one
------------------
[root@stan /root]# rpm -q iptables
iptables-1.2.1a-1
[root@stan /root]# cat /etc/redhat-release 
Red Hat Linux release 7.1 (Seawolf)
[root@stan /root]# 


Tommy

Comment 2 Tommy McNeely 2001-08-25 01:56:55 UTC
ok.. so I have finally figured out how to change the category of this bug.. it
is now under RHL 7.1 like it should have been the whole time.. now this could
almost be a duplicate of Bug # 51078 but it doesn't specifically say anything
about quotes.. it is more dealing with spaces, although I think it is probably
the same problem.

Tommy

Comment 3 Bernhard Rosenkraenzer 2001-08-25 09:38:37 UTC
Yes, it was fixed by the same patch.


*** This bug has been marked as a duplicate of 51078 ***

