iptables-restore rejects LOG syntax

fukawi2 / husk

Natural-language DSL for iptables/netfilter firewall rules.

http://huskfw.info

6 stars 1 forks source link

iptables-restore rejects LOG syntax #11

Closed fukawi2 closed 11 years ago

fukawi2 commented 11 years ago

The latest iptables-restore on CentOS 5.9 rejects the LOG syntax generated by husk:

/tmp # fire
ERROR: The following line was not accepted by the kernel
-A x_NET_ME -m limit --limit 4/minute --limit-burst 3 -j LOG --log-prefix="[x_NET_ME] "

Feeding iptables-restore manually shows the problem is with the LOG target

/tmp # husk -4 | iptables-restore 
iptables-restore v1.3.5: Unknown arg `LOG'
Error occurred at line: 26

fukawi2 commented 11 years ago

After experimentation, it appears the syntax requirements have been tightened:

minute needs to be min
The equal sign after --log-prefix needs to be removed.

Annoyingly, iptables will still accept the rule, only iptables-restore requires the strict syntax.

fukawi2 commented 11 years ago

Resolved in commit fbf5490