Re: Request for comments: iptables script for use on laptops.
* Quoting Michael Stone (mstone@debian.org):
> On Tue, May 23, 2006 at 10:06:45AM +0200, Rolf Kutz wrote:
> >The script under scrutiny was intended for a
> >laptop. A router or firewall setup is something
> >different and should not route traffic with
> >spoofed addresses. rp_filter should catch this
> >easily, if you can use it. If not, an IP-based
> >rule is ok, IMHO.
>
> No, if you mean to accept loopback traffic then you should accept -i lo.
> If nothing else, all of 127.0.0.0/8 is loopback addresses, not just
> 127.0.0.1, and I have seen software that makes use of that.
Locally, yes, but on a firewall or router? _And I
was referring to 192.168.x.x addresses.
- Rolf
Reply to: