imnozi@xxxxxxxxx <imnozi@xxxxxxxxx> wrote: > In iptables v1.8.10, iptables-translate has a small parse error; it doesn't like log prefix that has a trailing space: > [root@kvm64-62 sbin]# iptables-save|grep -- "^-.*LOG" |while read a; do echo -e "\n$a"; iptables-translate $a;done > > -A invdrop -j LOG --log-prefix "Denied-by-mangle:invdrop " > Bad argument `"' Thats because iptables doesn't support it either: iptables -A INPUT -j LOG --log-prefix \"Denied-by-filter:rstr_rem \" Bad argument `"' This works with iptables -A ... because shell removes the "" before passing it on to iptables, so you could amend your script to use bash -c "iptables -A ...". or, simpler yet, try: iptables-save | iptables-restore-translate -f /dev/stdin This should work.
