Cleanest way to deal with loopback interface?

Christian Seberino seberino at
Thu Apr 14 01:57:53 CEST 2005

> allow traffic on the loopback interface unconditionally, and allow the
> linux routing code 'martian' checks to drop packets received
> 'on the wire' as it does by default.


Thank you very much!
Are you saying that there is no reason for firewalls to check for and
drop packets addressed to and from because the Linux TCP stack
already drops those automatically?  I didn't know source IP addresses
were checked by default.  This is almost like a built-in 'always on'
firewalling on Linux!?

In other words, if I tried to spoof packets to your LAN from,
they would never get through even with no firewalls?
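
Added example, not part of the original post: a shell function that reports the per-interface sysctls behind the kernel's martian handling that the quoted advice relies on, and flags any interface where `route_localnet` has relaxed the loopback check. The function name `martian_audit` and its directory argument are assumptions made for this illustration; `route_localnet`, `log_martians` and `rp_filter` are the standard Linux IPv4 sysctls (`route_localnet` exists only on kernels newer than this thread).

```shell
#!/bin/sh
# Added example: audit the sysctls behind the kernel's 'martian' handling.
# The quoted advice pairs this with an unconditional loopback accept, e.g.:
#   iptables -A INPUT  -i lo -j ACCEPT
#   iptables -A OUTPUT -o lo -j ACCEPT
# conf_root is a parameter (an assumption of this example) so the function
# can be pointed at a constructed tree; on a live Linux host it defaults to
# /proc/sys/net/ipv4/conf.

read_knob() {
    # Print the value of a sysctl file, or "?" if this kernel lacks it.
    if [ -r "$1" ]; then cat "$1"; else echo "?"; fi
}

martian_audit() {
    conf_root="${1:-/proc/sys/net/ipv4/conf}"
    status=0
    for dir in "$conf_root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        localnet=$(read_knob "$dir/route_localnet")
        logm=$(read_knob "$dir/log_martians")
        rpf=$(read_knob "$dir/rp_filter")
        echo "$iface route_localnet=$localnet log_martians=$logm rp_filter=$rpf"
        # route_localnet=1 tells the kernel not to treat loopback addresses
        # as martian while routing, so the default drop can no longer be
        # relied on and the firewall has to filter them itself.
        if [ "$localnet" = "1" ]; then
            echo "  WARNING: $iface: loopback addresses are not treated as martian"
            status=1
        fi
    done
    # 0 = default martian handling intact everywhere, 1 = relaxed somewhere
    return $status
}
```

Source the file and run `martian_audit` as any user; with `log_martians=1` the kernel also logs the packets it drops, which gives a record of spoofing attempts.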


More information about the netfilter mailing list