
Re: Strange firewall logs



Micah Anderson <micah@riseup.net> writes:
> Ah, looking at my firewall I've got:
> -A output -s 127.0.0.1/255.0.0.0 -d 127.0.0.1/255.0.0.0 -p 17 -j ACCEPT
> -A output -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l
> -A output -s 0.0.0.0/0.0.0.0 -d 127.0.0.0/255.0.0.0 -j REJECT -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
> 
> So from what you are saying I should add:

You should stop filtering loopback, as this is useless (one exception:
It is possible to trick a malconfigured proxy into talking to
internal services via 'lo'.) 

> Should these be allowable from 127.0.0.1 to anywhere?

127.0.0.1 is a 'virtual' interface which in reality is always the
machine itself. 

-- 
SIGSTOP
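
An added example, not part of the original message: a small first-match evaluator run over the quoted `output` rules. It shows that only UDP (protocol 17) between loopback addresses is accepted, so local TCP or ICMP traffic falls through to the second rule and is rejected and logged. It assumes rules are checked in order and the first match wins; `parse_rule`, `first_match` and `RULES` are names chosen for this example.

```python
import ipaddress

# 'output' chain copied from the quoted message.
OUTPUT_CHAIN = """\
-A output -s 127.0.0.1/255.0.0.0 -d 127.0.0.1/255.0.0.0 -p 17 -j ACCEPT
-A output -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l
-A output -s 0.0.0.0/0.0.0.0 -d 127.0.0.0/255.0.0.0 -j REJECT -l
"""

def parse_rule(line):
    """Parse one '-A chain ...' line into its match fields and target."""
    rule = {"src": None, "dst": None, "proto": None,
            "target": None, "log": False, "text": line.strip()}
    tokens = line.split()
    i = 0
    while i < len(tokens):
        flag = tokens[i]
        if flag == "-l":                      # log flag takes no argument
            rule["log"] = True
            i += 1
            continue
        value = tokens[i + 1]
        if flag == "-s":
            # strict=False masks host bits: 127.0.0.1/255.0.0.0 -> 127.0.0.0/8
            rule["src"] = ipaddress.ip_network(value, strict=False)
        elif flag == "-d":
            rule["dst"] = ipaddress.ip_network(value, strict=False)
        elif flag == "-p":
            rule["proto"] = int(value)        # numeric protocol: 17 = UDP
        elif flag == "-j":
            rule["target"] = value
        i += 2                                # '-A output' is skipped here too
    return rule

def first_match(rules, src, dst, proto):
    """Return the first rule that matches the packet, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule["src"] is not None and s not in rule["src"]:
            continue
        if rule["dst"] is not None and d not in rule["dst"]:
            continue
        if rule["proto"] is not None and proto != rule["proto"]:
            continue
        return rule
    return None

RULES = [parse_rule(l) for l in OUTPUT_CHAIN.splitlines() if l.strip()]

if __name__ == "__main__":
    for name, proto in (("UDP", 17), ("TCP", 6), ("ICMP", 1)):
        hit = first_match(RULES, "127.0.0.1", "127.0.0.1", proto)
        print(name, "->", hit["target"], "(logged)" if hit["log"] else "")
```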


