Cleanest way to deal with loopback interface?

seberino at seberino at
Mon Apr 18 01:27:09 CEST 2005

How allow just legitimate loopback traffic then?


On Wed, Apr 13, 2005 at 08:09:46PM -0500, Taylor Grant wrote:
> >allow traffic on the loopback interface unconditionally,  and allow the
> >linux routing code 'martian' checks to drop packets received
> >'on the wire' as it does by default.
> I don't think this is such a good idea.  I could reconfigure my system such
> that it's loop back interface was not in the network and set a
> route to the network to be via your IP on the LAN.  Assuming
> that your system and my system were on the same LAN and subnet and we could
> ping each other I would be able to access your address as your
> kernel would forward traffic to the loop back network in your system.
> Grant. . . .


Christian Seberino, Ph.D.
SPAWAR Systems Center San Diego
Code 2872
49258 Mills Street, Room 158
San Diego, CA 92152-5385

Phone: (619) 553-9973
Fax  : (619) 553-6521
Email: seberino at

More information about the netfilter mailing list