Re: [Shorewall-users] Problem with Fedora 17 and comments / log commands with --log-prefix modifier

Mon, 18 Jun 2012 16:45:33 -0700 

-----Original Message-----
From: Tom Eastep [mailto:teas...@shorewall.net] 
Sent: Monday, June 18, 2012 11:09 AM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Problem with Fedora 17 and comments / log 
commands with --log-prefix modifier

On 06/18/2012 10:57 AM, Don Drohman wrote:
> Looks like attachments hung up in a filter somewhere due to size. Here are 
> all zipped.
>
> I will try the iptables test this evening.

Thanks. If you get the same results, please report the problem to 
Fedora. The iptables version is 1.4.12.2-5; I run 1.4.12.2 as released 
by the Netfilter team, and that code doesn't exhibit this incorrect 
behavior. So it must be something added by the Fedora folks.

-Tom
-- 


Correct on both counts.

1) Simple test

The ipt file had good data:

# Generated by iptables-save v1.4.12.2 on Mon Jun 18 16:21:35 2012
*filter
:INPUT ACCEPT [117:7793]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [129:13740]
:foo - [0:0]
-A foo -j LOG --log-prefix "foo bar"
-A foo -m comment --comment "foo bar" -j ACCEPT
COMMIT
# Completed on Mon Jun 18 16:21:35 2012


But using iptables-restore < ipt resulted in a mess:

Chain foo (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         LOG flags 0 level 4 prefix "--log-p"
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0   
         /* --comme */


2) Review of /var/lib/shorewall/.iptables-restore-input all had commands that 
looked correct.


I'm off to Fedora to file a bug report.

Thanks Tom

-Don



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to