search for: testchain

...on allocated memory being initialized to zero, or reuse values in memory that has already been freed." It appears iptables in some cases do this. I haven't figured out exactly what conditions trigger the bug, but here is one way to reliably reproduce the behaviour: iptables -t nat -N testchain iptables -t nat -A testchain -j SNAT --to-source 1.2.3.4 MALLOC_PERTURB_=42 iptables -t nat -D testchain -j SNAT --to-source 1.2.3.4 The last command gives the error message iptables: No chain/target/match by that name. The rule I try to remove is still present. If I disable malloc per...

...llowing I my logs : ``` … OUTPUT NAT IP: IN … … ``` Today (15/08/2017) I wanted to replace the following iptables rule : ``` iptables -t nat -A OUTPUT -d … -p tcp --dport 80 -m owner \! --uid-owner nobody -j REDIRECT --to-port 12345 ``` I tried : ``` table ip testtable { chain testchain { type nat hook output priority 0; policy accept; ip daddr … tcp dport 80 meta skuid != nobody redirect to 12345 } } ``` But it didn't worked. I tried the tests I did back in may but "OUTPUT NAT IP" doesn't show up anymore in my logs. I t...