Re: 127.0.0.0/8 addresses from the network
-> > is debian protected before connecting from remote hosts to address
-> > 127.0.0.0/8 ?
-> >
-> > how?
->
->
-> [amos]:~/# grep spoof-protect /etc/init.d/networking
-> if [ -e /etc/network/spoof-protect ]; then
-> . /etc/network/spoof-protect
->
-> [amos]:~/# grep 127.0.0.1 /etc/network/spoof-protect
-> LOCAL_IPS="127.0.0.1/8"
->
-> [amos]:~/# grep LOCAL_IPS /etc/init.d/networking -A4|tail -5
-> for ip in $LOCAL_IPS; do
-> ipchains -D input -j DENY -l -s $ip -i ! lo 2>/dev/null || true
-> ipchains -A input -j DENY -l -s 127.0.0.0/8 -i ! lo
-> done
well but this one is (according to the source) called only on 2.0 and 2.1
kernels.
I have kernel 2.2 and no ipchains rule in kernel set up
btw shouldn't ipchains stay BEFORE ipfwadm ? (afaik ipchains is newer than
ipfwadm)
spoofprotect () {
    echo -n "Setting up IP spoofing protection: "
    if spoofprotect_rp_filter; then
        echo "rp_filter."
    elif spoofprotect_ipfwadm; then
        echo "ipfwadm."
    elif spoofprotect_ipchains; then
        echo "ipchains."
    else
        echo "FAILED"
    fi
}
I ran this command:
up route add -net 127.0.0.0/8 dev lo
into /etc/network/interfaces into lo config;
is that ok, isn't it superfluous etc?
--
Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
uhlar@fantomas.sk ; http://www.fantomas.sk/ ; http://www.nextra.sk/
Support bacteria - they're the only culture some people have.
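
Added example (not part of the original message and not Debian's init script): the spoofprotect function quoted above tries rp_filter before ipfwadm or ipchains, so when no packet-filter rule was installed, one thing to check is the reverse-path filter setting of each interface. The sketch assumes the standard Linux procfs layout /proc/sys/net/ipv4/conf/<iface>/rp_filter; the function name rp_filter_report is hypothetical.

```shell
#!/bin/sh
# Added example: report the rp_filter value of every interface.
# The default path is the standard Linux procfs location (an assumption
# about the host); rp_filter_report is a hypothetical helper name.

# rp_filter_report [conf_root]
# Prints "<iface> <value>" for each entry under conf_root.
# Return codes:
#   0  every entry has a non-zero rp_filter value
#   1  at least one entry is 0 (filter off) or could not be read
#   2  no rp_filter entries were found under conf_root
rp_filter_report() {
    conf_root=${1:-/proc/sys/net/ipv4/conf}
    bad=0
    for f in "$conf_root"/*/rp_filter; do
        # An unmatched glob stays literal, so test that the file exists.
        if [ ! -e "$f" ]; then
            echo "no rp_filter entries under $conf_root" >&2
            return 2
        fi
        iface=$(basename "$(dirname "$f")")
        value=$(cat "$f" 2>/dev/null) || value=unreadable
        echo "$iface $value"
        case $value in
            0|unreadable) bad=1 ;;
        esac
    done
    return $bad
}
```

Call `rp_filter_report` with no argument to read the live settings; the list includes the `all` and `default` entries alongside the real interfaces.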