I recently tried to use rsync to retrieve a copy of the UCE (spam) sender IPs from uceprotect.net, but ran into the following error:
[user@host ucedata]$ rsync -rzv rsync-mirrors.uceprotect.net::RBLDNSD-ALL/ ./
rsync: failed to connect to rsync-mirrors.uceprotect.net (67.58.96.162): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (69.30.193.210): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (72.13.86.154): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (88.198.110.110): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (96.31.84.20): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (185.248.148.6): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (193.138.29.11): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (199.48.69.42): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (199.187.241.194): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (209.44.102.199): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (209.126.213.95): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (217.23.49.207): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (41.208.71.58): Permission denied (13)
rsync: failed to connect to rsync-mirrors.uceprotect.net (66.240.236.50): Permission denied (13)
rsync error: error in socket IO (code 10) at clientserver.c(127) [Receiver=3.1.3]
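I am able to write to the current directory; why "Permission denied (13)"?
Answer 1
At first, I thought this might be due to some other user permission or user restriction. However, on my particular system, the answer to this particular problem was simple: OpenBSD PF was configured to block all outgoing traffic not destined for ports 53, 80, 123, or 443. Because of the loaded PF rules, OpenBSD did not allow the TCP socket to be created in the first place.
Testing with netcat showed that neither the user nor root could create a socket with a destination prohibited by PF: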
[user@host ucedata]$ nc -v 67.58.96.162 873
nc: connect to 67.58.96.162 port 873 (tcp) failed: Permission denied
[root@host ucedata]# nc -v 67.58.96.162 873
nc: connect to 67.58.96.162 port 873 (tcp) failed: Permission denied
The following kernel trace excerpt shows that the permission denied error resulted from the attempted connection:
70602 rsync CALL connect(3,0xccece01e770,16)
70602 rsync STRU struct sockaddr { AF_INET, 69.30.193.210:873 }
70602 rsync RET connect -1 errno 13 Permission denied
By adding
pass out log on $ext_if proto tcp to any port 873
to /etc/pf.conf and reloading the firewall rules (pfctl -f /etc/pf.conf), I was able to connect.
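An added example, not part of the original answer: a small parser for kernel trace text in the format of the excerpt above. It pairs each connect() call with its destination and errno, and flags errno 13, the value the answer traced to the PF rule set. The second record in the sample is constructed, and its errno 61 value assumes BSD errno numbering.

```python
import re

# First record is the excerpt above; the second is constructed for contrast
# (192.0.2.10 is a documentation address, errno 61 assumes BSD numbering).
SAMPLE = """\
70602 rsync CALL connect(3,0xccece01e770,16)
70602 rsync STRU struct sockaddr { AF_INET, 69.30.193.210:873 }
70602 rsync RET connect -1 errno 13 Permission denied
70602 rsync CALL connect(3,0xccece01e770,16)
70602 rsync STRU struct sockaddr { AF_INET, 192.0.2.10:873 }
70602 rsync RET connect -1 errno 61 Connection refused
"""

LINE = re.compile(r"^\s*(\d+)\s+(\S+)\s+(CALL|STRU|RET)\s+(.*)$")
SOCKADDR = re.compile(r"struct sockaddr \{ AF_INET6?, (\S+) \}")
RET_ERR = re.compile(r"connect -1 errno (\d+) (.*)")
EACCES = 13  # the errno the answer traced to the PF rule set

def failed_connects(text):
    """Return one dict per failed connect() found in the trace text."""
    in_flight = {}  # pid -> destination of the connect() awaiting its RET
    failures = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, proc, kind, rest = m.groups()
        if kind == "CALL":
            # Track only connect(); any other call ends the previous one.
            in_flight.pop(pid, None)
            if rest.startswith("connect("):
                in_flight[pid] = None
        elif kind == "STRU" and pid in in_flight:
            addr = SOCKADDR.search(rest)
            if addr:
                in_flight[pid] = addr.group(1)
        elif kind == "RET" and pid in in_flight:
            dest = in_flight.pop(pid)
            err = RET_ERR.match(rest)
            if err:  # successful connects ("RET connect 0") are skipped
                code = int(err.group(1))
                failures.append({"process": proc, "dest": dest, "errno": code,
                                 "error": err.group(2).strip(),
                                 "local_filter": code == EACCES})
    return failures

if __name__ == "__main__":
    for f in failed_connects(SAMPLE):
        print(f["process"], f["dest"], f["error"], "local_filter=%s" % f["local_filter"])
```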