I tried to understand this attack but it was over my head. The message is simply that I should only allow loopback traffic whose source and destination addresses are 127.0.0.0/8, right?
e.g.
$IPTABLES -t filter -A INPUT -i $LOOPBACK_INTERFACE -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
$IPTABLES -t filter -A OUTPUT -o $LOOPBACK_INTERFACE -s 127.0.0.0/8 -d 127.0.0.0/8 -j ACCEPT
This is safe, right?
Yes, that is correct. I might be tempted to add a couple of rules in your FILTER chain too.
$IPTABLES -t filter -A FORWARD -s 127.0.0.0/8 -j DROP
$IPTABLES -t filter -A FORWARD -d 127.0.0.0/8 -j DROP
This will catch any traffic that comes in on any interface, via the FORWARD chain rule without an interface binding, that would go out any other interface. In other words, any traffic that should be passing through your FORWARD chain should not be destined to or from any 127.0.0.0/8 IP addresses; these rules will trap and DROP any such traffic.
Grant. . . .
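To make the first-match behaviour of the rules in this thread concrete, here is an added model (not code from the thread or from iptables) that evaluates sample packets against the INPUT/OUTPUT loopback rules and the two FORWARD drops. It assumes `$LOOPBACK_INTERFACE` is `lo`, a default policy of DROP on every chain, and that the sample packets are constructed; it never touches netfilter.

```python
"""Simplified first-match model of the loopback and FORWARD rules above.

Constructed example: it does not talk to netfilter, it only shows which
packets each rule in the thread catches and which fall to the chain policy.
"""
import ipaddress
from dataclasses import dataclass

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
LOOPBACK_INTERFACE = "lo"  # assumed value of $LOOPBACK_INTERFACE
POLICY = {"INPUT": "DROP", "OUTPUT": "DROP", "FORWARD": "DROP"}  # assumed defaults


@dataclass
class Packet:
    in_iface: str   # "" when locally generated (OUTPUT path)
    out_iface: str  # "" when locally delivered (INPUT path)
    src: str
    dst: str


def in_loopback(addr: str) -> bool:
    return ipaddress.ip_address(addr) in LOOPBACK_NET


def chain_for(p: Packet) -> str:
    """Packets with both an input and an output interface are being routed."""
    if p.in_iface and p.out_iface:
        return "FORWARD"
    return "INPUT" if p.in_iface else "OUTPUT"


# (chain, label, match predicate, target), in the order the thread lists them.
RULES = [
    ("INPUT", "lo-accept-in", lambda p: p.in_iface == LOOPBACK_INTERFACE
                                        and in_loopback(p.src) and in_loopback(p.dst), "ACCEPT"),
    ("OUTPUT", "lo-accept-out", lambda p: p.out_iface == LOOPBACK_INTERFACE
                                          and in_loopback(p.src) and in_loopback(p.dst), "ACCEPT"),
    ("FORWARD", "fwd-drop-src", lambda p: in_loopback(p.src), "DROP"),
    ("FORWARD", "fwd-drop-dst", lambda p: in_loopback(p.dst), "DROP"),
]


def verdict(p: Packet) -> tuple:
    """Return (target, rule label): first matching rule wins, else the chain policy."""
    chain = chain_for(p)
    for rule_chain, label, match, target in RULES:
        if rule_chain == chain and match(p):
            return target, label
    return POLICY[chain], "policy"
```

Note that the last case in the test below is real loopback-interface traffic between the host's own non-127 addresses (Linux delivers those via `lo` too), which the `-s/-d 127.0.0.0/8` rules do not accept; whether that matters depends on what else the INPUT chain allows.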