https://bugzilla.novell.com/show_bug.cgi?id=793228 https://bugzilla.novell.com/show_bug.cgi?id=793228#c0 Summary: iptables logging is defective in version 1.4.14 Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: All OS/Version: openSUSE 12.2 Status: NEW Severity: Major Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: spamme@ecybernard.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0 All distro that use iptables 1.4.14 need to be upgraded. -A INPUT -J LOG --log-prefix "asdfasdfsad" results in this being logged: --log-prefix ============= instead of: asdfasdfsad please upgrade iptables to at least 1.4.15 if not 1.4.16.3 in all distros. I filed a bug with iptables bug reporting previously. Also upgrade ipset the bundled version is also very old. Reproducible: Always Steps to Reproduce: 1. have iptables installed 2. try and use --log-prefix for anything for example 3. -A INPUT -J LOG --log-prefix "asdfasdfsad" Actual Results: --log-prefix Expected Results: asdfasdfsad This bug will break your ability to filter syslog based on pre-programmed log prefixes. Instead of getting the correct prefix all you get is "--log-prefix". iptables is a major part of security. As part of an automated security system you could filter the log output based on --log-prefix when it was working properly. You could have a --log-prefix "Intruder Alert" and then log to database and have an email fired off to admins based the occurrence of "Intruder Alert". The fix version 1.4.15 has existed since July 31,2012 but nobody has bothered to update to it. Version 1.4.16.3 already exists so please upgrade to this version. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.