
Resolved: locking oneself out, unroutable addresses



On Mon, Jan 23, 2006 at 04:06:26PM +1100, Daniel Pittman wrote:
> gcrimp@vcn.bc.ca writes:
> > On Mon, Jan 23, 2006 at 01:02:16PM +1100, Daniel Pittman wrote:
> >> gcrimp@vcn.bc.ca writes:
> >> 

Well, the local lock out question, at least, is resolved ....

[snip]

> >> That warning, presumably, is (badly worded, and) about locking yourself
> >> out if you use SSH or something to access the server.  The local,
> >> physically connected keyboard does *not* touch the network at all.
> >
> > I'm not so sure about that.  
> 
> Really, trust me here: the keyboard input layer is not connected to the
> network layer in any way...
> 
[snip]

> >
> > I think the remote problem you suggest is already covered in this quote.  
> 
> ...and that just confuses me.  
> 
> > I have to guess that the sentence I included in my OP refers to
> > something else.  Now that I have determined from where the original
> > quote comes, I guess I can ask the author what he means by it.
> 
> Indeed.  I would be curious -- the situation described is, to my eyes,
> almost completely impossible.  You could, in theory, prevent X from
> functioning or cause an input method of some sort to fail, but otherwise
> it really would be quite impractical.

I have had a reply from the writer of the quote.  The situation he described
was not a result of iptables alone.  But, with remote (login)
authentication, if the IP packets are not getting through as a result of an
iptables rule, one is effectively locked out.  Sorry if this is not entirely
accurate.  Any inaccuracies in this description are entirely my own.

So, can anyone suggest what I should do with packets that have a source
address of 0.0.0.0?

Thanks for the input so far.

GC


