Re: Interface Envy
On Wed, Jan 26, 2000 at 08:24:00AM +0200, Michael Wood wrote:
> > ipchains -A input -j ACCEPT -i lo
> > ipchains -A output -j ACCEPT -i lo
>
> As far as I know this is safe, but perhaps someone you should
> get the opinion of some other people :)
And why is it safe? Anti-spoofing?
> If you want to make sure, you could do that, but I think your
> rules are wrong. Won't the machine always use the same source
> and dest addresses for stuff sent/received over lo?
No. I once had such a set of rules and found out the hard way that I
couldn't traceroute localhost because it had the real ip address as source.
Michael
--
Michael Meskes | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire!
Tel.: (+49) 2431/72651 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De | Use PostgreSQL!
Reply to: