linux停用用户,linux–如何禁用用户的网络访问？

尝试禁用用户的网络访问&＃xff1a;

[root&＃64;notebook ~]# iptables -I OUTPUT -m owner --uid-owner tempuser -j DROP

[root&＃64;notebook ~]# ip6tables -I OUTPUT -m owner --uid-owner tempuser -j DROP

Could not open socket to kernel: Address family not supported by protocol

[root&＃64;notebook ~]#

[root&＃64;notebook ~]# iptables -I INPUT -m owner --uid-owner tempuser -j DROP

iptables: Invalid argument. Run &＃96;dmesg&＃39; for more information.

[root&＃64;notebook ~]# ip6tables -I INPUT -m owner --uid-owner tempuser -j DROP

Could not open socket to kernel: Address family not supported by protocol

[root&＃64;notebook ~]#

测试它&＃xff1a;

[root&＃64;notebook ~]# su - tempuser

[tempuser&＃64;notebook ~]$ping google.com

ping: unknown host google.com

[tempuser&＃64;notebook ~]$

[tempuser&＃64;notebook ~]$ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

64 bytes from 8.8.8.8: icmp_seq&＃61;1 ttl&＃61;56 time&＃61;4.80 ms

64 bytes from 8.8.8.8: icmp_seq&＃61;2 ttl&＃61;56 time&＃61;4.07 ms

^C

--- 8.8.8.8 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1057ms

rtt min/avg/max/mdev &＃61; 4.071/4.439/4.807/0.368 ms

[tempuser&＃64;notebook ~]$

[tempuser&＃64;notebook ~]$exit

logout

[root&＃64;notebook ~]# ping google.com

PING google.com (216.58.209.174) 56(84) bytes of data.

64 bytes from bud02s21-in-f14.1e100.net (216.58.209.174): icmp_seq&＃61;1 ttl&＃61;55 time&＃61;5.05 ms

^C

--- google.com ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 572ms

rtt min/avg/max/mdev &＃61; 5.059/5.059/5.059/0.000 ms

[root&＃64;notebook ~]#

问题&＃xff1a;如何在Linux下禁用给定用户的网络访问&＃xff1f; (INPUT / OUTPUT / IPv4 / IPv6&＃xff1f;) – 为什么我仍然可以与用户ping IPv4地址&＃xff1f;