diff --git a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
index d7b75022b..e8bacd894 100644
--- a/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
+++ b/neutron_fwaas/services/logapi/agents/drivers/iptables/log.py
@@ -511,9 +511,7 @@ class IptablesLoggingDriver(log_ext.LoggingDriver):
 match_rule += ['--limit-burst %s' % self.burst_limit]
 target = ['-j', 'NFLOG']
 if prefix:
- # NOTE: There is an extra space after 'nflog-prefix' in
- # iptables-save output, account for it here.
- target += ['--nflog-prefix ', '%s' % prefix]
+ target += ['--nflog-prefix', '%s' % prefix]
 args = direction_config + match_rule + target
 return args
diff --git a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
index 1243ce86b..55f6dbf12 100644
--- a/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
+++ b/neutron_fwaas/tests/functional/services/logapi/agents/drivers/iptables/test_log.py
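Review bot: In log.py, the new line `target += ['--nflog-prefix', '%s' % prefix]` no longer says which iptables-save output format the rule text has to match, although the removed NOTE documented exactly that dependency. If the agent compares generated rules with iptables-save output, as the removed comment suggests, a host whose iptables still prints the extra space would presumably see these NFLOG rules as changed on every sync and rewrite them, which is unwelcome for firewall logging rules. I would keep a short comment such as `# iptables-save prints a single space after --nflog-prefix; this text must match its output`, and write the value as `str(prefix)` rather than `'%s' % prefix`. The enclosing method begins above the hunk, so where `prefix` comes from and whether its length is bounded cannot be checked here.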
@@ -189,23 +189,23 @@ class FWLoggingTestBase(framework.L3AgentTestFramework):
 if event in [ACCEPT, ALL]:
 # Generate iptables rules for ACCEPT action
 prefix = self._get_log_prefix(port_id, ACCEPT)
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (accept_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (accept_chain, device, limit, prefix.id))
 if event in [DROP, ALL]:
 # Generate iptables rules for DROP action
 prefix = self._get_log_prefix(port_id, DROP)
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (drop_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (drop_chain, device, limit, prefix.id))
 # Generate iptables rules for REJECT action
- rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -i %s -m %s -j NFLOG --nflog-prefix %s'
 % (reject_chain, device, limit, prefix.id))
- rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
+ rules.add('-A %s -o %s -m %s -j NFLOG --nflog-prefix %s'
 % (reject_chain, device, limit, prefix.id))
 return rules
diff --git a/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py b/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
index 85d895785..8ea16cc33 100644
--- a/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
+++ b/neutron_fwaas/tests/unit/services/logapi/agents/drivers/iptables/test_log.py
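Review bot: The expected-rule format string is written out six times in this function (twice each for `accept_chain`, `drop_chain` and `reject_chain`), so the spacing after `--nflog-prefix` has to be kept right by hand in six places. The same applies to the four literals in `_fake_nflog_rule_v4v6` in the unit-test hunk that follows. A single local template, for example `nflog_fmt = '-A %s -%s %s -m %s -j NFLOG --nflog-prefix %s'` filled with `'i'` or `'o'`, would make the next format change a one-line edit. As this is a functional test, its result presumably depends on the iptables version on the test host, so a comment naming the expected iptables-save format would help whoever sees it fail. The function begins above the hunk.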
@@ -315,16 +315,16 @@ class BaseIptablesLogTestCase(base.BaseTestCase):
 def _fake_nflog_rule_v4v6(self, device, tag):
 v4_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v4_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v6_nflog_rule = ['-i %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 v6_nflog_rule += ['-o %s -m limit --limit %s/sec --limit-burst %s '
- '-j NFLOG --nflog-prefix %s'
+ '-j NFLOG --nflog-prefix %s'
 % (device, FAKE_RATE, FAKE_BURST, tag)]
 return v4_nflog_rule, v6_nflog_rule