ldx / python-iptables

Python bindings for iptables

Cannot execute python-iptables (iptc) as non-root user #309

Open matinats opened 4 years ago

matinats commented 4 years ago

I am trying to run the python-iptables as a non-root user.

My script is test.py:

```python
import iptc
import os

uid = os.getuid()
print("Real user ID of the current process:", uid)

table = iptc.Table(iptc.Table.FILTER)  # this is the call that fails without the right capabilities
print("Table is: {}".format(table))    # placeholder added so the table is actually printed
```

I tried:

  1. Giving the capability CAP_NET_ADMIN to `/usr/bin/python2.7` (outcome is: `$ getcap /usr/bin/python2.7` prints `/usr/bin/python2.7 = cap_net_admin+eip`) and executing `/usr/bin/python2.7 ./test.py`
  2. Compiling and running with ambient capabilities as defined in https://gist.github.com/tomix86/32394a43be70c337cbf1e0c0a56cbd8d and executing `./ambient -c '12' /usr/bin/python2.7 ./test.py`
  3. I haven't yet tested with python-prctl, but it requires starting as root and then dropping privileges, which is not possible in my case.

The logs are:

```
('Real user ID of the current process:', 1000)
Traceback (most recent call last):
  File "test.py", line 7, in <module>
    table = iptc.Table(iptc.Table.FILTER)
  File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1566, in __new__
    obj._init(name, autocommit)
  File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1582, in _init
    self.refresh()
  File "/usr/lib64/python2.7/site-packages/iptc/ip4tc.py", line 1619, in refresh
    self.strerror()))
iptc.ip4tc.IPTCError: can't initialize filter: Permission denied (you must be root)
```

My kernel is: `$ uname -r` → `4.4.224-1.el7.elrepo.x86_64`

My python version is: `Python 2.7.5`

My python-iptables version is: `python-iptables 0.12.0`

I can successfully run "iptables -L" as a non-root user but I cannot successfully run iptc python commands as a non-root user. Could it be failing because it requires additional capabilities?

tomh4x commented 3 years ago

iptables does not work as non-root either, as you're modifying settings in part of the kernel (netfilter). Linux is designed this way.

theKidOfArcrania commented 3 years ago

Hi, you probably also need the cap_net_raw capability in addition to the cap_net_admin capability. (If you run `strace -e trace=socket python3 -c 'import iptc; iptc.easy.dump_all()'` you will see that it tries to open a raw socket, which it will then use with setsockopt to do the iptables stuff.)
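A quick way to confirm the capability situation described in this thread before calling `iptc.Table()` is to decode the `CapEff` line of `/proc/self/status` and report which of the two capabilities is absent. This is an added example, not code from python-iptables or from anyone in the issue; the bit numbers are assumed from `<linux/capability.h>` (CAP_NET_ADMIN = 12, CAP_NET_RAW = 13) and the sample status text is constructed.

```python
import re

# Capability bit numbers from <linux/capability.h> (assumed, not taken from the issue)
CAP_BITS = {"cap_net_admin": 12, "cap_net_raw": 13}
# Both are needed: the raw socket needs CAP_NET_RAW, the setsockopt() calls need CAP_NET_ADMIN
REQUIRED = ("cap_net_admin", "cap_net_raw")


def parse_cap_eff(status_text):
    """Return the effective capability mask (int) from /proc/<pid>/status text."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("no CapEff line in status text")
    return int(m.group(1), 16)


def missing_caps(cap_eff, required=REQUIRED):
    """Names of the required capabilities whose bit is not set in cap_eff."""
    return [name for name in required if not (cap_eff >> CAP_BITS[name]) & 1]


def diagnose(status_text):
    """Return (ok, message) for a /proc/<pid>/status dump."""
    missing = missing_caps(parse_cap_eff(status_text))
    if not missing:
        return True, "effective set has cap_net_admin and cap_net_raw; iptc.Table() should not get EPERM"
    # Caveat for the fix: file capabilities on the shared interpreter binary apply to
    # every script it runs, so prefer a dedicated copy of the interpreter or ambient caps.
    return False, "missing from effective set: " + ", ".join(missing)


if __name__ == "__main__":
    # Constructed sample: only bit 12 (cap_net_admin) set, as with `./ambient -c '12'` above
    sample = "Name:\tpython2.7\nCapEff:\t0000000000001000\n"
    print(diagnose(sample))
    try:
        with open("/proc/self/status") as f:  # the real check for this process (Linux only)
            print(diagnose(f.read()))
    except IOError:
        print("/proc/self/status not available (not Linux?)")
```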