Re: Help with IPtables and NAT

Martijn Lievaart wrote:
<quote from="Pascal Hambourg">

You forgot the whole 127.0.0.0/8 subnet which can be used on the
loopback interface. Anyway, why don't you just allow all traffic on the
loopback interface?

Even worse, loopback is used for communicating with any local address, not
just the one assigned to the lo interface.

Local addresses were already dealt with by the following rules:

iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.10.10.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.10.10.2 -j ACCEPT


Don't restrict loopback unless you know exactly what you're doing.

Sure. Much less pain.
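
Added example (not part of the original thread): a small Python model of first-match rule evaluation, showing which source addresses arriving on lo the four per-address rules accept, compared with a single blanket rule on lo. The DROP chain policy, the exact text of the blanket rule, and the probe addresses 127.0.0.53 and 10.8.0.1 are assumptions constructed for illustration.

```python
import ipaddress
import shlex

# The four per-address rules quoted in the thread.
PER_ADDRESS = """\
iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 192.168.0.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.10.10.1 -j ACCEPT
iptables -A INPUT -p ALL -i lo -s 172.10.10.2 -j ACCEPT
"""
# "Allow all traffic on the loopback interface" (rule text is an assumption).
BLANKET = "iptables -A INPUT -i lo -j ACCEPT\n"

# Constructed probes: 127.0.0.53 is another address inside 127.0.0.0/8,
# 10.8.0.1 stands for a local address added after the rules were written.
PROBES = ["127.0.0.1", "127.0.0.53", "192.168.0.1", "10.8.0.1"]


def parse(text):
    """Turn '-A INPUT' lines into (in_iface, source_net, target) tuples."""
    rules = []
    for line in text.splitlines():
        tok = shlex.split(line)
        if "-A" not in tok or tok[tok.index("-A") + 1] != "INPUT":
            continue
        opt = {tok[i]: tok[i + 1] for i in range(len(tok) - 1)
               if tok[i].startswith("-")}
        src = ipaddress.ip_network(opt.get("-s", "0.0.0.0/0"), strict=False)
        rules.append((opt.get("-i"), src, opt["-j"]))
    return rules


def verdict(rules, iface, src, policy="DROP"):
    """First matching rule wins; otherwise the (assumed) chain policy applies."""
    addr = ipaddress.ip_address(src)
    for in_iface, net, target in rules:
        if in_iface in (None, iface) and addr in net:
            return target
    return policy


def audit(rules, probes):
    """Verdict for each probe source address as seen on the lo interface."""
    return {src: verdict(rules, "lo", src) for src in probes}


if __name__ == "__main__":
    for name, text in (("per-address", PER_ADDRESS), ("blanket", BLANKET)):
        print(name, audit(parse(text), PROBES))
```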


