How allow just legitimate loopback traffic then? Chris On Wed, Apr 13, 2005 at 08:09:46PM -0500, Taylor Grant wrote: > >allow traffic on the loopback interface unconditionally, and allow the > >linux routing code 'martian' checks to drop 127.0.0.0/8 packets received > >'on the wire' as it does by default. > > I don't think this is such a good idea. I could reconfigure my system such > that it's loop back interface was not in the 127.0.0.0/8 network and set a > route to the 127.0.0.0/8 network to be via your IP on the LAN. Assuming > that your system and my system were on the same LAN and subnet and we could > ping each other I would be able to access your 127.0.0.1 address as your > kernel would forward traffic to the loop back network in your system. > > > > Grant. . . . > -- _______________________________________ Christian Seberino, Ph.D. SPAWAR Systems Center San Diego Code 2872 49258 Mills Street, Room 158 San Diego, CA 92152-5385 U.S.A. Phone: (619) 553-9973 Fax : (619) 553-6521 Email: seberino@xxxxxxxxxxxxxxx _______________________________________
