Re: Cleanest way to deal with loopback interface?

> allow traffic on the loopback interface unconditionally,  and allow the
> linux routing code 'martian' checks to drop 127.0.0.0/8 packets received
> 'on the wire' as it does by default.
> 

Jason

Thank you very much!
Are you saying that there is no reason for firewalls to check for and
drop packets addressed to and from 127.0.0.1 because Linux TCP stack
already drops those automatically?  I didn't know source IP addresses
were checked by default.  This is almost like a built-in 'always on'
firewalling on Linux!?

In other words, if I tried to spoof packets to your LAN from 127.0.0.1,
they would never get through even with no firewalls?

Chris
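
Added example, not part of either poster's message: the martian drop of 127.0.0.0/8 that the quoted advice relies on is switched off per interface by the `route_localnet` sysctl, so a host that depends on it can audit that setting. The function name and the optional `conf_dir` argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread). Checks the sysctls that the
# "let the martian check drop 127.0.0.0/8 from the wire" advice relies on.
# Usage: audit_loopback_martians [conf_dir]
#   conf_dir defaults to /proc/sys/net/ipv4/conf; the parameter exists so
#   a copied or constructed tree can be audited too (an assumption of this
#   example, not a kernel feature).
# Returns 0 if no interface has route_localnet=1, 1 if any does, 2 on error.
audit_loopback_martians() {
    conf_dir=${1:-/proc/sys/net/ipv4/conf}
    findings=0
    if [ ! -d "$conf_dir" ]; then
        echo "ERROR: $conf_dir is not a directory" >&2
        return 2
    fi
    for dir in "$conf_dir"/*; do
        [ -d "$dir" ] || continue
        iface=${dir##*/}
        # route_localnet=1 tells the kernel NOT to treat 127.0.0.0/8 as
        # martian when routing, so the default drop no longer applies.
        val=0
        if [ -r "$dir/route_localnet" ]; then
            val=$(cat "$dir/route_localnet")
        fi
        if [ "$val" = "1" ]; then
            echo "FAIL $iface: route_localnet=1, 127.0.0.0/8 is not dropped as martian"
            findings=1
        else
            echo "OK   $iface: route_localnet=0"
        fi
    done
    # log_martians only controls logging of the drops, not the drops.
    if [ -r "$conf_dir/all/log_martians" ]; then
        if [ "$(cat "$conf_dir/all/log_martians")" = "0" ]; then
            echo "NOTE all: log_martians=0, martian drops are not logged"
        fi
    fi
    return $findings
}
```

Source the file and call `audit_loopback_martians` with no argument to check the running host.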


