Re: Request for comments: iptables script for use on laptops.
* Quoting Uwe Hermann (uwe@hermann-uwe.de):
> > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host
> > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
>
> Correct me if I'm wrong, but I think this would also allow incoming
> traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
> his IP address to appear to be 127.0.0.1 could send _any_ traffic
> to you and you would ACCEPT it, basically rendering the firewall
> useless. Did I miss anything?
Maybe this:
| echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
- Rolf
Reply to: