Hello, I have a small problem with ip6tables on Debian and the owner module.
By default I block all IPv6 traffic and allow it for specific users.
The ip6tables rules look like this:
# Generated by ip6tables-save v1.4.14 on Wed Aug 14 19:57:27 2013
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [32:3204]
COMMIT
# Completed on Wed Aug 14 19:57:27 2013
# Generated by ip6tables-save v1.4.14 on Wed Aug 14 19:57:27 2013
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [32:3204]
:POSTROUTING ACCEPT [5:396]
COMMIT
# Completed on Wed Aug 14 19:57:27 2013
# Generated by ip6tables-save v1.4.14 on Wed Aug 14 19:57:27 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [12:1248]
-A OUTPUT -m owner --uid-owner 20001 -j ACCEPT
COMMIT
# Completed on Wed Aug 14 19:57:27 2013
However, the user named wy[UID:20001] still cannot run ping6. After flushing the firewall, everything works.
[wy@d1]$>ping6 ipv6.google.com
PING ipv6.google.com(par03s03-in-x14.1e100.net) 56 data bytes
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted
^C
--- ipv6.google.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2016ms
What could be causing the problem?