On Fri, 17 Dec 2004 20:34:55 +0100 Tomas Carnecky <tom at dbservice.com> wrote: > > It is already checked in do_ip6t_set_ctl(). Otherwise anyone could > > replace iptables rules :) > For me it seems that only CAP_NET_ADMIN is checked and not the data. If that's the case then I agree with you Tomas.