mangle loopback

[Jeff Muse]

Hi all-

I have noticed that if I set the mangle PREROUTING policy to DROP, I cannot
reach services on localhost. If I set the mangle OUTPUT policy to DROP, I
cannot even ping "out" to localhost (sendto not permitted.) 

What is the connection between mangle and the loopback device? Is it safe
to leave mangle policies at ACCEPT, or should I set it at DENY and allow
specific instances? What target would be used to allow use of the loopack
address?

Very confused,

Jeff
--