
Re: Request for comments: iptables script for use on laptops.



On Tue, May 23, 2006 at 10:06:45AM +0200, Rolf Kutz wrote:
> The script under scrutiny was intended for a
> laptop. A router or firewall setup is something
> different and should not route traffic with
> spoofed addresses.  rp_filter should catch this
> easily, if you can use it. If not, an IP-based
> rule is ok, IMHO.

No, if you mean to accept loopback traffic then you should accept -i lo. If nothing else, all of 127.0.0.0/8 is loopback addresses, not just 127.0.0.1, and I have seen software that makes use of that.

Mike Stone
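
Added example, not part of the original message or the script under review: a small audit of `iptables-save` output that separates loopback ACCEPT rules matched by interface (`-i lo`) from those matched only by a 127.x address, or by `-i lo` narrowed to a single address. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Audit INPUT rules in iptables-save format for how loopback is accepted.
# Reads a file argument or stdin; prints flagged rules and a summary line.
audit_loopback() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        iface = 0; addr = ""; accept = 0
        for (i = 3; i < NF; i++) {
            # "-i lo" counts only when it is not negated ("! -i lo")
            if ($i == "-i" && $(i+1) == "lo" && $(i-1) != "!") iface = 1
            # any source/destination inside 127.0.0.0/8
            if (($i == "-s" || $i == "-d") && $(i+1) ~ /^127\./) addr = $(i+1)
            if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
        }
        if (!accept) next
        if (iface && (addr == "" || addr == "127.0.0.0/8")) ok++
        else if (iface)      { narrow++; print "NARROW: " $0 }
        else if (addr != "") { byaddr++; print "BY-ADDRESS: " $0 }
    }
    END { printf "ok=%d narrow=%d by_address=%d\n", ok, narrow, byaddr }
    ' "$@"
}

# Constructed sample ruleset (not taken from the thread).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -i lo -s 127.0.0.1/32 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

sample_rules | audit_loopback
```

On a live system the same function can read `iptables-save` output from stdin.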


