On 2008-04-22, Pascal Hambourg <pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Grant Taylor wrote:
>>
>> No, you misunderstood me. What I meant by "Linux considers it secure"
>> is that (by default) it will not let any traffic in to or out of the
>> loopback interface from / to a different interface.
>
> There is no such traffic forwarded between the loopback interface and
> another interface, because it just makes no sense. The loopback is
> designed for local host communications: all that is sent through it is
> received back by the host, and all that is received through it was sent
> by the host.
>

No. Loopback interface is just another dummy interface to be able to
assign node scope addresses from 127.0.0.0/8 block. The reason for loopback
is somebody wants to have (node scoped) IP socket on machine with no real
interfaces. It's just a historical relict because IP address needs an
interface in Linux.

When we talk about address routability, we talk about scopes in real.

E.g. I know about people running IPv6 networks where each router has
globally routable addresses on loopback interface, real ethernet
interfaces between routers have only link scope addresses and a dynamic
routing protocol (e.g., OSPF) is used to solve routing via network. And of
course it works.

Thus the criteria of address routability should be its scope (and routing
tables) and not type (driver) of interface.

-- Petr