Cleanest way to deal with loopback interface?

seberino at spawar.navy.mil seberino at spawar.navy.mil
Mon Apr 18 01:27:09 CEST 2005


How do I allow just legitimate loopback traffic then?

Chris

On Wed, Apr 13, 2005 at 08:09:46PM -0500, Taylor Grant wrote:
> >allow traffic on the loopback interface unconditionally,  and allow the
> >linux routing code 'martian' checks to drop 127.0.0.0/8 packets received
> >'on the wire' as it does by default.
>
> I don't think this is such a good idea.  I could reconfigure my system such
> that its loopback interface was not in the 127.0.0.0/8 network and set a
> route to the 127.0.0.0/8 network to be via your IP on the LAN.  Assuming
> that your system and my system were on the same LAN and subnet and we could
> ping each other, I would be able to access your 127.0.0.1 address as your
> kernel would forward traffic to the loopback network in your system.
>
>
>
> Grant. . . .
>

--
_______________________________________

Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385
U.S.A.

Phone: (619) 553-9973
Fax  : (619) 553-6521
Email: seberino at spawar.navy.mil
_______________________________________
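
An added example, not part of the original thread: one way to express the two ideas discussed above, accepting traffic by interface (`-i lo`) rather than by address, and dropping 127.0.0.0/8 that arrives on any other interface before routing sees it. The function names are hypothetical, and the `route_localnet` check assumes a kernel that exposes that sysctl (it is newer than this 2005 thread).

```shell
#!/bin/sh
# Added example (not from the thread). Two defensive pieces:
#  1. loopback_ruleset: prints iptables-restore rules that key on the
#     receiving interface, so a 127.0.0.0/8 address alone grants nothing.
#  2. martian_audit: lists interfaces whose route_localnet sysctl is 1,
#     i.e. where the kernel no longer treats 127/8 on the wire as martian.

loopback_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# raw/PREROUTING runs before the routing decision: loopback addresses
# seen on any interface other than lo are spoofed or misrouted.
-A PREROUTING ! -i lo -s 127.0.0.0/8 -j DROP
-A PREROUTING ! -i lo -d 127.0.0.0/8 -j DROP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Genuine loopback traffic is identified by the interface it arrived on.
# Place this ahead of the host's own INPUT rules.
-A INPUT -i lo -j ACCEPT
COMMIT
EOF
}

# martian_audit [CONF_DIR]
# CONF_DIR defaults to /proc/sys/net/ipv4/conf (another path can be passed
# for testing). Prints one interface name per line for every entry with
# route_localnet=1; returns 1 if any was found, 0 otherwise.
martian_audit() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    found=0
    for f in "$conf_dir"/*/route_localnet; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$(dirname "$f")"
            found=1
        fi
    done
    return "$found"
}
```

The ruleset can be syntax-checked without loading it by piping it to `iptables-restore --test` as root.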


