
Re: Request for comments: iptables script for use on laptops.



* Quoting Michael Stone (mstone@debian.org):

> On Tue, May 23, 2006 at 10:06:45AM +0200, Rolf Kutz wrote:
> >The script under scrutiny was intended for a
> >laptop. A router or firewall setup is something
> >different and should not route traffic with
> >spoofed addresses.  rp_filter should catch this
> >easily, if you can use it. If not, an IP-based
> >rule is ok, IMHO.
> 
> No, if you mean to accept loopback traffic then you should accept -i lo. 
> If nothing else, all of 127.0.0.0/8 is loopback addresses, not just 
> 127.0.0.1, and I have seen software that makes use of that.

Locally, yes, but on a firewall or router? And I
was referring to 192.168.x.x addresses.

- Rolf
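
The point raised in the quoted reply (accept loopback by interface with `-i lo`, since all of 127.0.0.0/8 is loopback and an address match can be narrower than that) can be checked against a saved ruleset. The following is an added example, not part of the original message: a small linter over `iptables-save` text, where the function names, finding codes and both sample rulesets are constructed for illustration.

```python
import ipaddress
import shlex

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
OPTS = {"-A": "chain", "-i": "in_if", "-s": "src", "-d": "dst", "-j": "target"}

def parse_rule(line):
    """Extract chain, input interface, addresses and target from one '-A' line."""
    rule, negated, neg = dict.fromkeys(OPTS.values()), set(), False
    tokens = iter(shlex.split(line))
    for tok in tokens:
        if tok in OPTS:
            rule[OPTS[tok]] = next(tokens, None)
            if neg:                      # iptables-save writes negation as '! -s addr'
                negated.add(OPTS[tok])
        neg = tok == "!"
    return rule, negated

def in_loopback(addr):
    return ipaddress.ip_network(addr, strict=False).subnet_of(LOOPBACK)

def audit_loopback(ruleset):
    """Return (line_no, code) findings for INPUT ACCEPT rules in iptables-save text."""
    findings, has_iface_accept = [], False
    for n, line in enumerate(ruleset.splitlines(), 1):
        if not line.startswith("-A INPUT "):
            continue
        rule, negated = parse_rule(line)
        if rule["target"] != "ACCEPT":
            continue
        by_iface = rule["in_if"] == "lo" and "in_if" not in negated
        addrs = [rule[k] for k in ("src", "dst") if rule[k] and k not in negated]
        lo_addrs = [a for a in addrs if in_loopback(a)]
        if by_iface and not rule["src"] and not rule["dst"]:
            has_iface_accept = True      # plain '-i lo -j ACCEPT'
        elif not by_iface and lo_addrs:  # loopback accepted by address on any interface
            narrow = any(ipaddress.ip_network(a, strict=False) != LOOPBACK for a in lo_addrs)
            findings.append((n, "ADDR_MATCH_NARROW" if narrow else "ADDR_MATCH"))
    if not has_iface_accept:
        findings.append((0, "NO_IFACE_ACCEPT"))
    return findings

# Constructed sample rulesets (not taken from the script under discussion).
WEAK = """*filter
:INPUT DROP [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT"""
FIXED = WEAK.replace("-s 127.0.0.1/32 -d 127.0.0.1/32", "-i lo")

if __name__ == "__main__":
    print(audit_loopback(WEAK), audit_loopback(FIXED))
```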


