Re: Request for comments: iptables script for use on laptops.

To: debian-security@lists.debian.org
Subject: Re: Request for comments: iptables script for use on laptops.
From: Rolf Kutz <kutz@netcologne.de>
Date: Tue, 23 May 2006 10:01:46 +0200
Message-id: <[🔎] 20060523080146.GB3814@afrika.vzsze.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20060523000412.GB18009@aragorn>
References: <[🔎] 20060521174024.GA1833@aragorn> <4471A747.1050406@optonline.net> <[🔎] 20060523000412.GB18009@aragorn>

* Quoting Uwe Hermann (uwe@hermann-uwe.de):

> >   iptables -A INPUT  -j ACCEPT -s 127.0.0.1      # local host
> >   iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
> 
> Correct me if I'm wrong, but I think this would also allow incoming
> traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
> his IP address to appear to be 127.0.0.1 could send _any_ traffic
> to you and you would ACCEPT it, basically rendering the firewall
> useless. Did I miss anything?

Maybe this:

| echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter

-  Rolf

Reply to:

Follow-Ups:
- Re: Request for comments: iptables script for use on laptops.
  - From: Uwe Hermann <uwe@hermann-uwe.de>

References:
- Request for comments: iptables script for use on laptops.
  - From: Uwe Hermann <uwe@hermann-uwe.de>
- Re: Request for comments: iptables script for use on laptops.
  - From: Uwe Hermann <uwe@hermann-uwe.de>

Prev by Date: Re: Request for comments: iptables script for use on laptops.
Next by Date: Re: Request for comments: iptables script for use on laptops.
Previous by thread: Re: Request for comments: iptables script for use on laptops.
Next by thread: Re: Request for comments: iptables script for use on laptops.
Index(es):
- Date
- Thread