Re: make ping executable by normal users?
On Mon 06 Jun 2016 at 18:47:30 (+0300), Reco wrote:
> On Mon, Jun 06, 2016 at 03:57:47PM +0200, Santiago Vila wrote:
> > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > Check your firewall rules.
> >
> > It can't be firewall rules. Try this to block outgoing ping:
> >
> > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
> >
> > then try to ping anywhere. You will get a different error message,
> > namely "Destination Port Unreachable".
>
> But if you transform the rule in question a little, like this:
>
> iptables -I OUTPUT -p icmp --icmp-type echo-request \
> -j REJECT --reject-with icmp-admin-prohibited
>
> ping will respond with 'Operation not permitted'. The exact wording of the
> message seems to depend on the actual ping implementation.
>
> So, checking firewall rules is valid advice. It's just that this particular
> problem happens due to a lack of file capabilities.
# iptables -I OUTPUT -p icmp --icmp-type echo-request -j REJECT --reject-with icmp-admin-prohibited
$ ping alum.local
PING alum.local (192.168.1.19) 56(84) bytes of data.
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
From 192.168.1.15 icmp_seq=1 Packet filtered
ping: sendmsg: Operation not permitted
ping: recvmsg: No route to host
ping: recvmsg: No route to host
ping: recvmsg: No route to host
ping: recvmsg: No route to host
ping: recvmsg: No route to host
[ad infinitum]
[reboot]
Cheers,
David.
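
Added example, not part of the message above or of the thread: a shell check that separates the two causes debated here, a ping binary lacking file capabilities versus an OUTPUT rule that rejects ICMP. The function names, the cap_net_raw and setuid-root tests, and the result labels are assumptions of this example.

```shell
#!/bin/sh
# Added example. The classifiers take their evidence as text so they can be
# checked offline; diagnose_live collects the same evidence on a real host.

# ping_privilege MODE OWNER_UID GETCAP_OUTPUT -> capability | setuid | none
ping_privilege() {
    case $3 in
        *cap_net_raw*) echo capability; return ;;
    esac
    # `stat -c %a` prints four digits only when special bits are set;
    # a leading 4, 5, 6 or 7 includes the setuid bit.
    case $1 in
        [4567][0-7][0-7][0-7]) if [ "$2" = 0 ]; then echo setuid; return; fi ;;
    esac
    echo none
}

# Reads `iptables -S OUTPUT` text on stdin and prints the rules that REJECT
# or DROP ICMP. Exit status 0 means at least one such rule exists.
icmp_output_blocks() {
    grep -E -- '^-A OUTPUT .*-p icmp .*-j (REJECT|DROP)'
}

# diagnose MODE OWNER_UID GETCAP_OUTPUT RULES_TEXT
#   -> binary | firewall | binary+firewall | ok
diagnose() {
    priv=$(ping_privilege "$1" "$2" "$3")
    if printf '%s\n' "$4" | icmp_output_blocks >/dev/null; then
        fw=blocked
    else
        fw=open
    fi
    case $priv/$fw in
        none/blocked) echo binary+firewall ;;
        none/open)    echo binary ;;
        */blocked)    echo firewall ;;
        *)            echo ok ;;
    esac
}

# Live use (run as root so `iptables -S` can read the rules); not called here.
diagnose_live() {
    p=$(command -v ping) || return 1
    diagnose "$(stat -L -c %a "$p")" "$(stat -L -c %u "$p")" \
             "$(getcap "$p" 2>/dev/null)" "$(iptables -S OUTPUT 2>/dev/null)"
}
```

A result of `binary` is conclusive only where ping opens a raw socket; hosts that permit unprivileged ICMP sockets through net.ipv4.ping_group_range need neither the capability nor setuid.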