Ah. Does iptables now auto-insert a space between the prefix and the message? 1.6.0 didn't, which is why I added those spaces years ago.

But then, how does iptables-translate grouse about the '"' being a bad arg if the shell strips the quotes out?

I suppose I could try putting a naked "\ " at the end of the prefix; maybe that would work.

N


On Sat, 28 Sep 2024 10:58:51 +0200
Florian Westphal <fw@xxxxxxxxx> wrote:

> imnozi@xxxxxxxxx <imnozi@xxxxxxxxx> wrote:
> > In iptables v1.8.10, iptables-translate has a small parse error; it doesn't like log prefix that has a trailing space:
> >
> > [root@kvm64-62 sbin]# iptables-save|grep -- "^-.*LOG" |while read a; do echo -e "\n$a"; iptables-translate $a;done
> >
> > -A invdrop -j LOG --log-prefix "Denied-by-mangle:invdrop "
> > Bad argument `"'
>
> That's because iptables doesn't support it either:
>
> iptables -A INPUT -j LOG --log-prefix \"Denied-by-filter:rstr_rem \"
> Bad argument `"'
>
> This works with iptables -A ... because shell removes the "" before
> passing it on to iptables, so you could amend your script to use
> bash -c "iptables -A ...".
>
> or, simpler yet, try:
>
> iptables-save | iptables-restore-translate -f /dev/stdin
>
> This should work.
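The argument splitting discussed in this thread, as an added example that is not part of the original messages: it shows what argument list a command receives when a rule line read into a variable is expanded unquoted, compared with the same text re-parsed as shell source. The rule string is the one quoted in the thread; the function names `show_args`, `split_unquoted` and `split_reparsed` are hypothetical, and no iptables binary is needed.

```shell
#!/bin/sh
# Constructed sample: one rule line as iptables-save prints it (taken from the thread).
rule='-A invdrop -j LOG --log-prefix "Denied-by-mangle:invdrop "'

# Print every argument on its own line in brackets so the boundaries are visible.
show_args() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Unquoted expansion, as in `iptables-translate $a`: the shell only splits the
# value on whitespace. Quote characters that come from a variable's value are
# ordinary data and are never interpreted as quoting.
split_unquoted() {
    set -f              # keep pathname expansion out of the demonstration
    # shellcheck disable=SC2086
    show_args $1
    set +f
}

# Re-parsing the text as shell source, which is what `bash -c "iptables -A ..."`
# does: now the quotes are syntax, they are removed, and the trailing space
# stays inside a single argument.
# eval executes whatever the string contains, so this is only for text you
# produced yourself; the iptables-save | iptables-restore-translate pipeline
# suggested in the reply involves no shell parsing of the rules at all.
split_reparsed() {
    eval "show_args $1"
}

echo "unquoted expansion:"
split_unquoted "$rule"
echo "re-parsed as shell source:"
split_reparsed "$rule"
```

In the unquoted case the prefix arrives as two arguments, `"Denied-by-mangle:invdrop` and a lone `"`, which is consistent with the `Bad argument` message quoted above.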