iptables 구성이 있습니다.
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere
그런 다음 다음을 시도해 보세요.
user@debian:~$ host yahoo.com
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
yahoo.com has address 98.138.219.232
yahoo.com has address 72.30.35.9
yahoo.com has address 72.30.35.10
yahoo.com has address 98.137.246.7
yahoo.com has address 98.137.246.8
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
yahoo.com has IPv6 address 2001:4998:44:41d::3
yahoo.com has IPv6 address 2001:4998:44:41d::4
yahoo.com has IPv6 address 2001:4998:58:1836::10
yahoo.com has IPv6 address 2001:4998:58:1836::11
yahoo.com has IPv6 address 2001:4998:c:1023::4
yahoo.com mail is handled by 1 mta7.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta5.am0.yahoodns.net.
yahoo.com mail is handled by 1 mta6.am0.yahoodns.net.
어떻게? 나는 그것이 "캐싱"이라고 생각하고 다른 도메인을 시도했습니다. 모두 해결되었습니다.
"음, 로컬 DNS 캐시일 수도 있습니다." - 컴퓨터의 인터넷을 끄세요. 글쎄, 해결되지 않았습니다.
어떻게? 왜?
답변1
해결되었습니다!
나는 이 마법을 눈치채지 못했습니다.
yahoo.com has address 98.138.219.231
yahoo.com has IPv6 address 2001:4998:c:1023::5
따라서 "ip6tables"에 대한 규칙을 설정해야 합니다.
# ip6tables -P INPUT DROP
# ip6tables -P OUTPUT DROP
# ip6tables -P FORWARD DROP
내 결과는 다음과 같습니다.
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; connection timed out ; no servers could be reached
PS "tcpdump"를 기억하면 문제가 더 빨리 해결됩니다.