Re: 127.0.0.0/8 addresses from the network

To: debian-security@lists.debian.org
Subject: Re: 127.0.0.0/8 addresses from the network
From: Jim Breton <jamesb-debian@alongtheway.com>
Date: Fri, 9 Mar 2001 23:01:30 +0000
Message-id: <[🔎] 20010309230130.25832.qmail@alongtheway.com>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20010309204954.24241.qmail@alongtheway.com>; from jamesb-debian@alongtheway.com on Fri, Mar 09, 2001 at 08:49:54PM +0000
References: <[🔎] 20010309113023.A22505@fantomas.sk> <[🔎] 20010309084740.H28342@llama.nslug.ns.ca> <[🔎] 20010309204954.24241.qmail@alongtheway.com>

On Fri, Mar 09, 2001 at 08:49:54PM +0000, Jim Breton wrote:
> # deny and log all packets trying to come in from a 127.0.0.0/8 address
> # over a non-'lo' interface

Oops.  Just occurred to me that this is not what you were asking about.
Why do I do such things?

Anyway.

/etc/ipmasq/rules/I90external.def

# accept incoming packets from external networks on external interfaces

        ipchains)
            $IPCHAINS -A input -j ACCEPT -i $i -d $IPOFIF/32
            if [ -n "$BCOFIF" ]; then
                $IPCHAINS -A input -j ACCEPT -i $i -d $BCOFIF/32
            fi
            ;;

Since we have a default drop and log coming later in the rules
(/etc/ipmasq/rules/ZZZdenyandlog.def), this will take care of your
concern.

Reply to:

Follow-Ups:
- Re: 127.0.0.0/8 addresses from the network
  - From: Ted Cabeen <secabeen@pobox.com>

References:
- 127.0.0.0/8 addresses from the network
  - From: "Matus \"fantomas\" Uhlar" <uhlar@fantomas.sk>
- Re: 127.0.0.0/8 addresses from the network
  - From: Peter Cordes <peter@llama.nslug.ns.ca>
- Re: 127.0.0.0/8 addresses from the network
  - From: Jim Breton <jamesb-debian@alongtheway.com>

Prev by Date: Segfault in login
Next by Date: Re: 127.0.0.0/8 addresses from the network
Previous by thread: Re: 127.0.0.0/8 addresses from the network
Next by thread: Re: 127.0.0.0/8 addresses from the network
Index(es):
- Date
- Thread