Cleanest way to deal with loopback interface?

Christian Seberino seberino at spawar.navy.mil
Thu Apr 14 01:57:53 CEST 2005


> allow traffic on the loopback interface unconditionally, and allow the
> Linux routing code 'martian' checks to drop 127.0.0.0/8 packets received
> 'on the wire' as it does by default.
> 

Jason

Thank you very much!
Are you saying that there is no reason for firewalls to check for and
drop packets addressed to and from 127.0.0.1 because the Linux TCP stack
already drops those automatically?  I didn't know source IP addresses
were checked by default.  This is almost like a built-in 'always on'
firewalling on Linux!?

In other words, if I tried to spoof packets to your LAN from 127.0.0.1,
they would never get through even with no firewalls?

Chris
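
Added example, not part of the original message: a shell check for the one kernel setting that switches off the martian treatment of 127.0.0.0/8 that the quoted advice relies on. The `route_localnet` sysctl exists only on kernels 3.6 and later (newer than this thread); the function name and its root-directory argument are hypothetical.

```shell
#!/bin/sh
# The quoted advice has two halves:
#   1. accept loopback unconditionally, e.g.  iptables -A INPUT -i lo -j ACCEPT
#   2. rely on the routing code's martian check to drop 127.0.0.0/8 that
#      arrives on any other interface.
# Half 2 stops holding where net.ipv4.conf.<iface>.route_localnet is 1,
# because the kernel then no longer treats loopback addresses as martian.

# audit_loopback_martians [ROOT]
#   ROOT defaults to /proc/sys; passing another directory (hypothetical
#   convenience) lets the check run against a saved or constructed tree.
#   Prints "<iface> route_localnet=1" for every entry other than lo that has
#   the setting enabled ("all" and "default" are listed like any interface).
#   Returns 0 if none is set, 1 if at least one is, 2 if ROOT is unusable.
audit_loopback_martians() {
    conf="${1:-/proc/sys}/net/ipv4/conf"
    found=0
    if [ ! -d "$conf" ]; then
        echo "no such directory: $conf" >&2
        return 2
    fi
    for dir in "$conf"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        # lo itself is the interface that is supposed to carry 127.0.0.0/8
        [ "$iface" = "lo" ] && continue
        # kernels older than 3.6 have no such file; nothing to report there
        [ -r "$dir/route_localnet" ] || continue
        if [ "$(cat "$dir/route_localnet")" = "1" ]; then
            echo "$iface route_localnet=1"
            found=1
        fi
    done
    return "$found"
}

# Usage on a live system:  audit_loopback_martians || echo "review the above"
```

Where an interface is reported, an explicit firewall rule for 127.0.0.0/8 on that interface is needed again, since the kernel default can no longer be counted on there.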