Re: Strange firewall logs
Micah Anderson <micah@riseup.net> writes:
> Ah, looking at my firewall I've got:
> -A output -s 127.0.0.1/255.0.0.0 -d 127.0.0.1/255.0.0.0 -p 17 -j ACCEPT
> -A output -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l
> -A output -s 0.0.0.0/0.0.0.0 -d 127.0.0.0/255.0.0.0 -j REJECT -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
>
> So from what you are saying I should add:
You should stop filtering loopback, as this is useless (one exception:
it is possible to trick a misconfigured proxy into talking to
internal services via 'lo'.)
> Should these be allowable from 127.0.0.1 to anywhere?
127.0.0.1 is a 'virtual' interface which in reality is always the
machine itself.
--
SIGSTOP
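
The proxy exception mentioned in the reply is normally closed in the proxy itself rather than with packet filter rules on 'lo'. The following is an added example, not part of the original message or of any particular proxy: a destination check that refuses loopback targets however they are spelled. The names proxy_may_connect, fake_resolve and FAKE_DNS are hypothetical, and the DNS data is constructed.

```python
import ipaddress
import socket

# Constructed name -> address data so the example runs offline.
FAKE_DNS = {
    "localhost": ["127.0.0.1", "::1"],
    "www.example": ["203.0.113.10"],
    "rebind.example": ["203.0.113.10", "127.0.0.1"],  # one local answer
}

def fake_resolve(name):
    """Hypothetical resolver stand-in; unknown names resolve to nothing."""
    return FAKE_DNS.get(name, [])

def _system_resolve(name):
    """Real resolver, used when the caller supplies none."""
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def _as_ip(host):
    """Parse an IP literal, including legacy IPv4 spellings; None for names."""
    h = host.strip("[]")                      # URL form of IPv6: [::1]
    try:
        return ipaddress.ip_address(h)
    except ValueError:
        pass
    try:
        # inet_aton also accepts forms such as "127.1" and "2130706433"
        return ipaddress.ip_address(socket.inet_aton(h))
    except (OSError, ValueError):
        return None

def _is_local(ip):
    """True for loopback (127.0.0.0/8, ::1) and the unspecified address."""
    mapped = getattr(ip, "ipv4_mapped", None)  # ::ffff:127.0.0.1 -> 127.0.0.1
    if mapped is not None:
        ip = mapped
    # On Linux a connect to 0.0.0.0 reaches the local host, so deny it too.
    return ip.is_loopback or ip.is_unspecified

def proxy_may_connect(host, resolve=None):
    """Decide whether a forwarding proxy may open a connection to host."""
    ip = _as_ip(host)
    if ip is not None:
        addrs = [ip]
    else:
        addrs = [ipaddress.ip_address(a) for a in (resolve or _system_resolve)(host)]
    # Deny if nothing resolved or if any answer points back at this machine.
    return bool(addrs) and not any(_is_local(a) for a in addrs)
```

A proxy using such a check should connect to the address it vetted, not resolve the name a second time, otherwise the answer can change between check and connect.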