Modify

Opened 5 years ago

Closed 5 years ago

Last modified 4 years ago

#12999 closed defect (fixed)

r35484 broke firewall DROP/REJECT logging.

Reported by: andrew@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: packages Version: Trunk
Keywords: firewall logging Cc: jow

Description

Line 254 of core_init.sh breaks firewall DROP/REJECT logging in r35484.

When I reload firewall rules I get this, for a bunch of different zones.

Loading zones
Bad argument `internet):'
Try `iptables -h' or 'iptables --help' for more information.

The problem is this segment:

--log-prefix "$t($d $zone_name): "

The quotes are somehow lost during translation to the raw IP tables call, and "$zone_name):" is then no longer part of the log-prefix argument and is interpreted by iptables separately. Changing the space between $d and $zone_name solved this problem for me in r35604, but a better fix is probably needed.

Attachments (0)

Change History (3)

comment:1 Changed 5 years ago by Tom

This is still happening here in current trunk r35608.

root@OpenWrt:~# cat /etc/openwrt_version 
r35608
root@OpenWrt:~# /etc/init.d/firewall reload
Loading defaults
Loading synflood protection
Adding custom chains
Loading zones
Bad argument `wan):'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `wan):'
Try `ip6tables -h' or 'ip6tables --help' for more information.
Bad argument `wan):'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `wan):'
Try `ip6tables -h' or 'ip6tables --help' for more information.
Bad argument `wan):'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `wan):'
Try `ip6tables -h' or 'ip6tables --help' for more information.
Bad argument `wan):'
Try `iptables -h' or 'iptables --help' for more information.
Bad argument `wan):'
Try `ip6tables -h' or 'ip6tables --help' for more information.
Loading forwardings
Loading rules
Loading redirects
Loading includes
Loading interfaces

Replacing the space as suggested with e.g. --log-prefix "$t(${d}:$zone_name): " workarounds the issue

comment:2 Changed 5 years ago by jow

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in r35745 - thanks!

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.