Bug 52550 - iptables-save/iptables-restore messes up the --log-prefix
Status: CLOSED DUPLICATE of bug 51078
Product: Red Hat Linux
Classification: Retired
Component: iptables
Hardware: All Linux
Priority: medium  Severity: medium
Assigned To: Bernhard Rosenkraenzer
Reported: 2001-08-24 18:50 EDT by Tommy McNeely
Modified: 2008-05-01 11:38 EDT
Last Closed: 2001-08-24 21:56:59 EDT

Description Tommy McNeely 2001-08-24 18:50:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.76C-CCK-MCD Netscape [en] (X11; U; SunOS 5.8 sun4u)

Description of problem:
When using iptables-save and iptables-restore with a --log-prefix, the
prefix will continually get put in more and more quote marks...

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. iptables -A MyDROP -m limit --limit 5/min -j LOG --log-prefix "DROPPED:"
2. /etc/init.d/iptables save
3. /etc/init.d/iptables start

(repeat steps 2 and 3 as you are testing/building a firewall)

Actual Results:  limit: avg 5/min burst 5 LOG level warning prefix

Expected Results:  limit: avg 5/min burst 5 LOG level warning prefix

Additional info:

iptables-save and/or iptables-restore seem to mess up the --log-prefix by
adding nested quotes (single when it restores on the outside)

[root@stan sysconfig]# tail /etc/sysconfig/iptables
[0:0] -A AlwaysDrop -s -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s -i eth1 -j MyDROP 
[0:0] -A AlwaysDrop -s -i eth1 -j MyDROP 
[0:0] -A MyDROP -m limit --limit 5/min -j LOG --log-prefix ""DROPPED:"" 
[0:0] -A MyDROP -j DROP 
[7:456] -A MyREJECT -m limit --limit 5/min -j LOG --log-prefix
[7:456] -A MyREJECT -j REJECT --reject-with icmp-proto-unreachable 
# Completed on Fri Aug 24 16:59:28 2001
[root@stan sysconfig]# 

Note: I am using a MyDROP rule to log and drop, but I have tried it
directly in the INPUT as well.

so it looks like save puts double quotes.. and restore puts a single quote
around the whole thing.. it makes for some funny looking logfiles after
about 10 times :)

Please note that Bug # 51078 (for RHL 7.1) also breaks this version...
iptables-save/restore cannot handle spaces in the log-prefix either.
Comment 1 Tommy McNeely 2001-08-24 21:44:40 EDT
um.. let's file this as imma dumbass... I forgot my firewall machine is 7.1
still...  :(

These scripts work fine in roswell2

Works fine on this one
[root@kyle root]# rpm -q iptables
[root@kyle root]# cat /etc/redhat-release 
Red Hat Linux release 7.1.94 (Roswell)
[root@kyle root]# 

Doesn't work on this one
[root@stan /root]# rpm -q iptables
[root@stan /root]# cat /etc/redhat-release 
Red Hat Linux release 7.1 (Seawolf)
[root@stan /root]# 

Comment 2 Tommy McNeely 2001-08-24 21:56:55 EDT
ok.. so I have finally figured out how to change the category of this bug.. it
is now under RHL 7.1 like it should have been the whole time.. now this could
almost be a duplicate of  Bug # 51078 but it doesn't specifically say anything
about quotes.. it is more dealing with spaces, although I think it is probably
the same problem.

Comment 3 Bernhard Rosenkraenzer 2001-08-25 05:38:37 EDT
Yes, it was fixed by the same patch.

*** This bug has been marked as a duplicate of 51078 ***
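
An added example, not part of the bug thread or the iptables package: a check that flags `--log-prefix` values in a saved rules file carrying more than one layer of quotes, as in the /etc/sysconfig/iptables line quoted in the description, and rewrites them with a single layer. The function names and the MyREJECT sample prefix are assumptions made for illustration.

```python
import re

# Constructed sample in iptables-save format. The MyDROP LOG line is the one
# quoted in the report; the MyREJECT prefix is a made-up value for contrast.
SAMPLE = '''\
[0:0] -A MyDROP -m limit --limit 5/min -j LOG --log-prefix ""DROPPED:""
[0:0] -A MyDROP -j DROP
[7:456] -A MyREJECT -m limit --limit 5/min -j LOG --log-prefix "REJECTED:"
'''

QUOTES = "\"'"
# Value runs from --log-prefix to the next "--option" or the end of the line,
# so prefixes containing spaces are captured whole.
PREFIX_RE = re.compile(r"--log-prefix\s+(.*?)(?=\s+--|\s*$)")


def peel(value):
    """Strip matching outer quote pairs; return (bare_prefix, layers)."""
    layers = 0
    while len(value) >= 2 and value[0] in QUOTES and value[0] == value[-1]:
        value = value[1:-1]
        layers += 1
    return value, layers


def audit(rules_text):
    """Return (line_no, raw, bare, layers) for each prefix quoted more than once."""
    findings = []
    for no, line in enumerate(rules_text.splitlines(), 1):
        m = PREFIX_RE.search(line)
        if m:
            bare, layers = peel(m.group(1))
            if layers > 1:
                findings.append((no, m.group(1), bare, layers))
    return findings


def repair(rules_text):
    """Rewrite every --log-prefix with exactly one layer of double quotes."""
    def fix(m):
        return '--log-prefix "%s"' % peel(m.group(1))[0]
    return "\n".join(PREFIX_RE.sub(fix, l) for l in rules_text.splitlines()) + "\n"


if __name__ == "__main__":
    for no, raw, bare, layers in audit(SAMPLE):
        print("line %d: %s has %d quote layers, expected prefix %s" % (no, raw, layers, bare))
```

Running the audit after each save/restore cycle shows whether the prefix that log parsers and alerting rules match on has drifted from the one originally configured.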
