Re: Input chain, traffic from interface lo

On Wed, 2004-12-08 at 07:32, Vesselin Kostadinov wrote:
> Hi,
> 
> The current "Iptables Tutorial" contains the following lines:
> 
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LO_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $LAN_IP -j ACCEPT
> $IPTABLES -A INPUT -p ALL -i $LO_IFACE -s $INET_IP -j ACCEPT
> 
> where $LO_IFACE is "lo", $LO_IP is "127.0.0.1", $LAN_IP is "192.168.0.2" and
> $INET_IP is "194.236.50.155". 
> 
> I fully agree with the first line but I am a bit puzzled by the other 2
> lines. Is there any chance of packets with a source IP other than 127.0.0.1
> coming from interface lo?

no.  the linux routing code drops packets with source IP != 127.0.0.1
received on lo as a "martian source."

i used to have the actual line in the source code handy, but i'm sure
some constructive grepping will get you there.

-j

--
"Look, just give me some inner peace, or I'll mop the floor with ya!"
	--The Simpsons
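
The question above can also be checked on a given host by reading the per-rule packet counters that iptables keeps for the three `-i lo` rules. The following is an added example, not part of the original message or of the Iptables Tutorial; the function names and the sample listing are assumptions, and the counter values are constructed, not a measurement.

```shell
#!/bin/sh
# Added example: report how often each INPUT rule bound to the loopback
# interface has matched, using iptables' own per-rule counters.

# Constructed listing in the layout of `iptables -L INPUT -v -n -x`.
# The counter values are invented for the demo and are not a measurement.
SAMPLE_LISTING='Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120     9600 ACCEPT     all  --  lo     *       127.0.0.1            0.0.0.0/0
       7      588 ACCEPT     all  --  lo     *       192.168.0.2          0.0.0.0/0
       0        0 ACCEPT     all  --  lo     *       194.236.50.155       0.0.0.0/0
      42     3360 ACCEPT     all  --  eth0   *       192.168.0.0/24       0.0.0.0/0'

# lo_rule_hits IFACE: read a listing on stdin and print
# "source packets status" for every rule whose in-interface equals IFACE.
# Assumes each rule has a target (-j ...); a rule without one leaves the
# target column empty and shifts the fields.
lo_rule_hits() {
    awk -v iface="$1" '
        $1 ~ /^[0-9]+$/ && $6 == iface {
            printf "%s %s %s\n", $8, $1, ($1 > 0 ? "matched" : "never-matched")
        }'
}

# unused_lo_sources IFACE: only the sources whose rule has never matched.
unused_lo_sources() {
    lo_rule_hits "$1" | awk '$3 == "never-matched" { print $1 }'
}

# On a live host (root required): iptables -L INPUT -v -n -x | lo_rule_hits lo
printf '%s\n' "$SAMPLE_LISTING" | lo_rule_hits lo
```

Counters accumulate from the time the rules were loaded, so zero them with `iptables -Z INPUT` and let the host run under normal use before reading the result.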