Hi Ralf, hi Payal,

> 2. You should never see any packets coming from 127.0.0.1 going to any
> other IP-address than 127.0.0.1.

I don't believe that to be the case. I think that any communication from
the machine back to itself, addressed to any of its IP addresses, will be
routed over the loopback interface rather than any Ethernet or other device.

> To allow localhost traffic just do
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT

But these rules are correct.

Cheers, Chris.
-- 
   ___ __ _
  / __// / ,__(_)_ | Chris Wilson -- UNIX Firewall Lead Developer |
 / (_ / ,\/ _/ /_ \ | NetServers.co.uk http://www.netservers.co.uk |
 \ _//_/_/_//_/___/ | 21 Signet Court, Cambridge, UK. 01223 576516 |
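
Added example, not part of the original message: a simplified first-match model of an INPUT chain with policy DROP, comparing the quoted `-i lo` rule with a hypothetical rule that matches only 127.0.0.1 addresses. The packets, the addresses (documentation ranges) and the address-only rule are constructed, and the model assumes self-addressed traffic arrives on `lo` carrying the host's own address, as the reply describes.

```python
from ipaddress import ip_address, ip_network

# Rule format: (in_interface or None, source net or None, dest net or None, target).
# This models rule matching only; it is not iptables itself.
BY_INTERFACE = [("lo", None, None, "ACCEPT")]  # iptables -A INPUT -i lo -j ACCEPT
BY_ADDRESS = [(None, "127.0.0.1/32", "127.0.0.1/32", "ACCEPT")]  # hypothetical rule

# Constructed packets: (interface the packet arrives on, source, destination).
PACKETS = {
    "localhost to localhost": ("lo", "127.0.0.1", "127.0.0.1"),
    "host to its own Ethernet address": ("lo", "192.0.2.10", "192.0.2.10"),
    "remote host via eth0": ("eth0", "198.51.100.7", "192.0.2.10"),
}


def matches(net, addr):
    """True when the rule has no address constraint or addr is inside net."""
    return net is None or ip_address(addr) in ip_network(net)


def verdict(rules, iface, src, dst, policy="DROP"):
    """Return the target of the first matching rule, else the chain policy."""
    for r_iface, r_src, r_dst, target in rules:
        if r_iface is not None and r_iface != iface:
            continue
        if matches(r_src, src) and matches(r_dst, dst):
            return target
    return policy


def compare():
    """Map each packet name to (verdict by interface, verdict by address)."""
    return {
        name: (verdict(BY_INTERFACE, *pkt), verdict(BY_ADDRESS, *pkt))
        for name, pkt in PACKETS.items()
    }


if __name__ == "__main__":
    for name, (by_iface, by_addr) in compare().items():
        print(f"{name:34} -i lo: {by_iface:6}  127.0.0.1 only: {by_addr}")
```

The second packet is the case under discussion: it crosses `lo` without using 127.0.0.1, so only the interface match accepts it.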