Bugzilla – Bug 1147153
firewalld specifying prefix results in firewall log with wrong layout
Last modified: 2019-08-27 02:30:18 UTC
I use a rich rule with a prefix definition in firewalld. This results in a wrong layout in the firewall log.

The rich rule contains:

rule service name="ssh" log prefix="PREFIX-SSH-PORT " level="info"

which results in a log line like:

2019-08-23T18:28:34.111823+02:00 eiktum kernel: [15742.399558] 'PREFIX-SSH-PORT 'IN=enp1s0 OUT= MAC=e0:cb:4e:cd:d7:b6:9c:c7:a6:0a:1f:48:08:00 SRC=213.73.155.186 DST=192.168.178.6 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=30018 DF PROTO=TCP SPT=41746 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0

The text " 'PREFIX-SSH-PORT '" should be " PREFIX-SSH-PORT ".

iptables-save shows:

--log-prefix "\'PREFIX-SSH-PORT \'"
A temporary fix is the following patch in : /usr/lib/python3.7/site-packages/firewall/core/ipXtables.py @@ -763,7 +763,7 @@ rule = [ add_del, "%s_log" % (target), "-t", table] rule += rule_fragment + [ "-j", "LOG" ] if rich_rule.log.prefix: - rule += [ "--log-prefix", "%s" % rich_rule.log.prefix ] + rule += [ "--log-prefix", "'%s'" % rich_rule.log.prefix ] if rich_rule.log.level: rule += [ "--log-level", "%s" % rich_rule.log.level ] rule += self._rule_limit(rich_rule.log.limit)
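Review bot: the direction of this hunk looks inverted at the --log-prefix line. The "+" line wraps the value in literal single quotes ("'%s'" % rich_rule.log.prefix), and that is exactly the form that matches the reported symptom, where iptables-save shows --log-prefix "\'PREFIX-SSH-PORT \'" and the kernel log line starts with 'PREFIX-SSH-PORT '. Because the rule is assembled as a list with the prefix as its own element, any quotes placed inside that element appear to be carried through as part of the prefix instead of being consumed as quoting. The line to end up with should be the unquoted one, rule += [ "--log-prefix", "%s" % rich_rule.log.prefix ], so please regenerate the diff with the original and patched files in the right order. A short comment at that line saying the prefix must not be quoted, since it is passed as a separate list element, would help prevent the quoting from being reintroduced.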