How get a space after the log-prefix?

William Stearns wstearns@pobox.com
Sat, 10 Jun 2000 19:13:33 -0400 (EDT)


Good evening, Brian,

On Sat, 10 Jun 2000, Brian J. Murrell wrote:

> James Morris <jmorris@intercode.com.au> wrote:
> > On Sat, 10 Jun 2000, Brian J. Murrell wrote:
> > 
> > > Greg Hinton <zenbum@websalad.net> wrote:
> > > > 
> > > > I use:
> > > > 
> > > >     --log-prefix "Dropped: "
> > > > 
> > > > and it works fine with iptables 1.1.0/kernel 2.4.0-test1.  Perhaps the
> > > > equals sign is the problem.
> > > 
> > > Hmmmm.  I am too on 2.4.0-test1-ac10 iptables 1.1.0 and when I use:
> > > 
> > > -A drop-log -j LOG --log-level notice --log-prefix "DENY "
> > > 
> > > I get
> > > 
> > > Bad argument `"'
> > > Try `iptables -h' or 'iptables --help' for more information.
> > 
> > Hmm, this exact command (pasted from your message) is working fine here.
> > Perhaps it's a shell issue?
> 
> ~BLECH~  I hate it when that happens.  When I do the command at the
> command line, I too get success.  However I install rules with this
> shell fragment:
> 
>         while read line; do
>                 /usr/bin/iptables $line
>         done 

	The following:
cat rules
-A FORWARD -m state --state INVALID -j LOG --log-level notice --log-prefix "INVALID "

cat rules | ( while read line ; do eval iptables $line ; done )

iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere           state INVALID LOG level notice prefix `INVALID '

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

	seems to work fine; note the _eval_.

> 
> which reads from a data file like:
> 
> -A FORWARD -p udp -s 0.0.0.0/0 --sport 500 -d 38.170.88.2/32 --dport 500 -i eth0 -j ACCEPT
> -A FORWARD -p udp -s 0.0.0.0/0 --sport 500 -d 38.170.88.3/32 --dport 500 -i eth0 -j ACCEPT
> -A FORWARD -m state --state INVALID -j LOG --log-level notice --log-prefix "INVALID "
> 
> So this is indeed a shell issue.  I will have to figure out what it is
> bitching about exactly tomorrow.  It is time to go home for the evening
> already.

	Cheers,
	- Bill

---------------------------------------------------------------------------
	"Architect: someone who knows the difference between what could be
done and what should be done".
	-- Larry McVoy <lm@bitmover.com>
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com).  Mason, Buildkernel, named2hosts, 
and ipfwadm2ipchains are at:                http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------
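
The following is an added example, not part of the original message: it shows why the unquoted $line in the loop produces the lone `"` argument that iptables rejects, why eval fixes it, and what eval costs when the rules file is not fully trusted. The helper names (show_args, split_plain, split_eval, split_xargs) and both sample lines are constructed for illustration; show_args stands in for iptables so nothing touches the firewall.

```shell
#!/bin/sh
# Constructed sample line, same shape as the LOG rule in the thread.
RULE='-A FORWARD -m state --state INVALID -j LOG --log-level notice --log-prefix "INVALID "'
# Constructed line with a harmless command substitution inside the prefix.
TAINTED='-j LOG --log-prefix "$(echo INJECTED) "'

# Stand-in for iptables: print every argument it receives inside brackets.
show_args() {
    for a in "$@"; do printf '[%s]' "$a"; done
}

# 1. Plain expansion, as in "iptables $line": the shell only splits on
#    whitespace. Quote characters read from the file stay literal, so the
#    prefix becomes two words: "INVALID and a lone ".
split_plain() { show_args $1; }

# 2. eval: the line is parsed again as shell source, so the quotes group
#    "INVALID " into one argument. Everything else in the line is parsed
#    too: $(...), backticks, ';' and redirections are all executed.
split_eval() { eval "show_args $1"; }

# 3. xargs: understands quotes and backslashes when splitting its input,
#    but performs no expansion or command substitution.
split_xargs() {
    printf '%s\n' "$1" |
        xargs sh -c 'for a in "$@"; do printf "[%s]" "$a"; done' sh
}

demo() {
    for line in "$RULE" "$TAINTED"; do
        printf 'line : %s\n' "$line"
        printf 'plain: %s\n' "$(split_plain "$line")"
        printf 'eval : %s\n' "$(split_eval "$line")"
        printf 'xargs: %s\n\n' "$(split_xargs "$line")"
    done
}

demo
```

With eval, the rules file is effectively a shell script run with the loader's privileges (root, for iptables), so it needs the same ownership and permissions as the script itself.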