Cleanest way to deal with loopback interface?
seberino at spawar.navy.mil
Thu Apr 14 01:57:53 CEST 2005
> allow traffic on the loopback interface unconditionally, and allow the
> linux routing code 'martian' checks to drop 127.0.0.0/8 packets received
> 'on the wire' as it does by default.
Thank you very much!

Are you saying that there is no reason for firewalls to check for and
drop packets addressed to and from 127.0.0.1 because the Linux TCP stack
already drops those automatically? I didn't know source IP addresses
were checked by default. This is almost like a built-in 'always on'
firewalling on Linux!?

In other words, if I tried to spoof packets to your LAN from 127.0.0.1,
they would never get through even with no firewalls?
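
The approach quoted above depends on the kernel's martian check staying enabled on every interface. As an added example (not part of the original post), the function below audits the `route_localnet` and `log_martians` sysctls; the function name and the directory argument are assumptions of this example.

```shell
#!/bin/sh
# Audit the per-interface settings that the "let the martian check drop
# 127.0.0.0/8 from the wire" approach relies on.
#
# First half of the quoted advice, as a firewall rule (run as root):
#   iptables -A INPUT -i lo -j ACCEPT
#
# audit_loopback_martians [CONF_ROOT]
#   CONF_ROOT defaults to /proc/sys/net/ipv4/conf; the argument exists only
#   so the check can be pointed at a constructed test tree.
#   Returns 1 if any interface has the loopback martian check disabled.
audit_loopback_martians() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    status=0
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        # route_localnet=1 tells the kernel NOT to treat loopback addresses
        # as martian while routing, so 127.0.0.0/8 arriving on the wire is
        # no longer dropped for that interface ("all" applies to every one).
        if [ -r "$dir/route_localnet" ] &&
           [ "$(cat "$dir/route_localnet")" = "1" ]; then
            echo "WARN $iface route_localnet=1 (loopback martian check disabled)"
            status=1
        fi
        # log_martians=0 means the drops still happen but leave no log trace.
        if [ -r "$dir/log_martians" ] &&
           [ "$(cat "$dir/log_martians")" = "0" ]; then
            echo "INFO $iface log_martians=0 (martian drops are not logged)"
        fi
    done
    return $status
}
```

Call `audit_loopback_martians` with no argument on a live host; a non-zero exit status means at least one interface will accept 127.0.0.0/8 traffic from the wire, and explicit firewall rules are then needed.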