Displaying 2 results from an estimated 2 matches for "testchain".
2017 May 21
3
[Bug 1150] New: Iptables fails to match rules with malloc perturberation activated
...on allocated memory being
initialized to zero, or reuse values in memory that has already been freed."
It appears iptables in some cases does this.
I haven't figured out exactly what conditions trigger the bug, but here is one
way to reliably reproduce the behaviour:
```
iptables -t nat -N testchain
iptables -t nat -A testchain -j SNAT --to-source 1.2.3.4
MALLOC_PERTURB_=42 iptables -t nat -D testchain -j SNAT --to-source 1.2.3.4
```
The last command gives the error message
```
iptables: No chain/target/match by that name.
```
The rule I try to remove is still present. If I disable malloc per...
2017 Aug 15
1
[Bug 1168] New: type nat hook output doesn't work anymore
...llowing in my logs:
```
…
OUTPUT NAT IP: IN …
…
```
Today (15/08/2017) I wanted to replace the following iptables rule:
```
iptables -t nat -A OUTPUT -d … -p tcp --dport 80 -m owner \! --uid-owner nobody -j REDIRECT --to-port 12345
```
I tried:
```
table ip testtable {
    chain testchain {
        type nat hook output priority 0; policy accept;
        ip daddr … tcp dport 80 meta skuid != nobody redirect to 12345
    }
}
```
But it didn't work.
I tried the tests I did back in May but "OUTPUT NAT IP" doesn't show up anymore
in my logs.
I t...