[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Interface Envy

On Wed, Jan 26, 2000 at 08:24:00AM +0200, Michael Wood wrote:
> >   ipchains -A input  -j ACCEPT -i lo
> >   ipchains -A output -j ACCEPT -i lo
> 
> As far as I know this is safe, but perhaps someone you should
> get the opinion of some other people :)

And why is it safe? Anti-spoofing?

> If you want to make sure, you could do that, but I think your
> rules are wrong.  Won't the machine always use the same source
> and dest addresses for stuff sent/received over lo?

No. I once had such a set of rules and found out the hard way that I
couldn't traceroute localhost because it had the real ip address as source.

Michael
-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!
Reply to: