Cleanest way to deal with loopback interface?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I want first rules that packets encounter to be my DROP_CHAIN
that weeds out suspicious packets including packets addressed
to and from 127.0.0.1 (loopback):

# -------------------------------------------------------------
$IPTABLES -t filter -P INPUT   DROP
$IPTABLES -t filter -P OUTPUT  DROP
$IPTABLES -t filter -P FORWARD DROP
 
$IPTABLES -t filter -A INPUT   -j DROP_CHAIN
$IPTABLES -t filter -A OUTPUT  -j DROP_CHAIN
$IPTABLES -t filter -A FORWARD -j DROP_CHAIN
  
$IPTABLES -t filter -A INPUT  -i $LOOPBACK_INTERFACE -j ACCEPT
$IPTABLES -t filter -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT
# ------------------------------------------------------------

How can I make DROP_CHAIN drop bogus 127.0.0.1 addressed packets
but still allow **legitimate** loopback traffic?

Chris
[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux