Trying to disable a user's network access:
    [root@notebook ~]# iptables -I OUTPUT -m owner --uid-owner tempuser -j DROP
    [root@notebook ~]# ip6tables -I OUTPUT -m owner --uid-owner tempuser -j DROP
    Could not open socket to kernel: Address family not supported by protocol
    [root@notebook ~]#
    [root@notebook ~]# iptables -I INPUT -m owner --uid-owner tempuser -j DROP
    iptables: Invalid argument. Run `dmesg' for more information.
    [root@notebook ~]# ip6tables -I INPUT -m owner --uid-owner tempuser -j DROP
    Could not open socket to kernel: Address family not supported by protocol
    [root@notebook ~]#
Testing it:
    [root@notebook ~]# su - tempuser
    [tempuser@notebook ~]$ ping google.com
    ping: unknown host google.com
    [tempuser@notebook ~]$
    [tempuser@notebook ~]$ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=56 time=4.80 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=56 time=4.07 ms
    ^C
    --- 8.8.8.8 ping statistics ---
    2 packets transmitted, 2 received, 0% packet loss, time 1057ms
    rtt min/avg/max/mdev = 4.071/4.439/4.807/0.368 ms
    [tempuser@notebook ~]$
    [tempuser@notebook ~]$ exit
    logout
    [root@notebook ~]# ping google.com
    PING google.com (216.58.209.174) 56(84) bytes of data.
    64 bytes from bud02s21-in-f14.1e100.net (216.58.209.174): icmp_seq=1 ttl=55 time=5.05 ms
    ^C
    --- google.com ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 572ms
    rtt min/avg/max/mdev = 5.059/5.059/5.059/0.000 ms
    [root@notebook ~]#
Question: how do I disable network access for a given user on Linux? (INPUT / OUTPUT / IPv4 / IPv6?) – Why can I still ping IPv4 addresses as that user?
On some systems, ping is a SUID binary, because sending ICMP packets requires root privileges (on other systems I believe this is handled via capabilities).
    [me@lory ~]$ ls -al /bin/ping
    -rwsr-xr-x. 1 root root 40760 Sep 26  2013 /bin/ping
If you are on the former kind of system, then it is not tempuser that is sending those PING packets; it's root. The DNS lookup is not done SUID, and it fails for tempuser (unknown host google.com), so you can confirm that your block is working.
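The following script is an added example, not code from the original post. It models the mechanism the answer describes (the owner match compares the effective uid of the process that created the socket, and a setuid-root binary runs with euid 0 regardless of who launched it) and lists the root-owned setuid executables a per-user OUTPUT rule therefore cannot cover. It assumes GNU stat(1) and find(1); the uid 1001 in the demo is a constructed value.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes GNU stat(1) and find(1).

# Print the effective uid a process has after exec'ing FILE when started by
# CALLER_UID: the file owner's uid if the setuid bit is set, else CALLER_UID.
euid_after_exec() {
    file=$1; caller=$2
    info=$(stat -c '%u %a' "$file") || return 1
    owner=${info%% *}
    mode=${info##* }
    # A leading 0 makes the shell parse the mode as octal; 04000 is the setuid bit.
    if [ $((0$mode & 04000)) -ne 0 ]; then
        echo "$owner"
    else
        echo "$caller"
    fi
}

# Exit 0 if "iptables -I OUTPUT -m owner --uid-owner BLOCKED_UID -j DROP"
# would match packets from FILE executed by CALLER_UID, 1 if they slip through.
owner_rule_catches() {
    [ "$(euid_after_exec "$1" "$2")" = "$3" ]
}

# List root-owned setuid executables below the given directories. Like the
# answer's /bin/ping, each of these sends as uid 0 and is missed by a
# per-user OUTPUT rule. (The owner match is only valid in OUTPUT and
# POSTROUTING, which is why the INPUT rule in the question was rejected.)
list_uid0_senders() {
    find "$@" -xdev -type f -user root -perm -4000 2>/dev/null
}

# Demo on constructed files, no root needed: a setuid file owned by the
# current user, run by a hypothetical uid 1001, keeps the owner's uid.
demo() {
    dir=$(mktemp -d)
    : > "$dir/suidbin";  chmod 4755 "$dir/suidbin"
    : > "$dir/plainbin"; chmod 755 "$dir/plainbin"
    printf 'suidbin run by 1001  -> euid %s\n' "$(euid_after_exec "$dir/suidbin" 1001)"
    printf 'plainbin run by 1001 -> euid %s\n' "$(euid_after_exec "$dir/plainbin" 1001)"
    rm -rf "$dir"
}
```

Run `list_uid0_senders /bin /usr/bin /sbin /usr/sbin` on the target host to see which binaries besides ping bypass the rule; if ping is not listed, it is using capabilities instead and the rule does apply to it.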