Re: make ping executable by normal users?
On Mon 06 Jun 2016 at 15:27:16 (+0000), Mark Fletcher wrote:
> On Mon, 6 Jun 2016 at 23:15, Santiago Vila <sanvila@unex.es> wrote:
>
> > On Mon, Jun 06, 2016 at 10:06:54AM +1200, Jan Bakuwel wrote:
> > > Check your firewall rules.
> >
> > It can't be firewall rules. Try this to block outgoing ping:
> >
> > iptables -A OUTPUT -p icmp --icmp-type echo-request -j REJECT
> >
> > then try to ping anywhere. You will get a different error message,
> > namely "Destination Port Unreachable".
> >
> > [ Why people do not read all messages in the thread before answering
> > is a mystery to me ].
> No, that's not true, you definitely can get this very error due to
> something to do with the firewall, maybe it's not able to resolve the ping
> target rather than not able to reach the resulting host, I'm damned if I
> can remember the specifics but I've definitely seen this happen on an lfs
> box before and it was nothing to do with perms (as I said before, to your
> point about people not reading the whole thread...)
I don't understand this argument.
Why would ping bother to open a socket to a host it couldn't resolve?
I know precious little about firewall rules, but AIUI the rules
determine whether to respond with things like Drop, Reject, Deny.
Now the OP didn't manage to open a socket; that's in the error message:
"ping: icmp open socket: Operation not permitted"
So how would ping find out how the firewall was going to react to its
ping message without opening a socket to send something?
Cheers,
David.
Reply to: