In iptables v1.8.10, iptables-translate has a small parse error; it doesn't like log prefix that has a trailing space: ---------------- [root@kvm64-62 sbin]# iptables-save|grep -- "^-.*LOG" |while read a; do echo -e "\n$a"; iptables-translate $a;done -A invdrop -j LOG --log-prefix "Denied-by-mangle:invdrop " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. -A INPUT -j LOG --log-prefix "Denied-by-filter:INPUT " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. -A FORWARD -j LOG --log-prefix "Denied-by-filter:FORWARD " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. -A lldrop -j LOG --log-prefix "Denied-by-filter:lldrop " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. -A restrict_remote -j LOG --log-prefix "Denied-by-filter:rstr_rem " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. -A tndrop -j LOG --log-prefix "Denied-by-filter:tndrop " Bad argument `"' Try `iptables-translate -h' or 'iptables-translate --help' for more information. [root@kvm64-62 sbin]# ---------------- It accepts the rest of the 345 rules without complaint. Neal
