Hi all,

What is the correct local loopback iptables rule set for a single hosted firewall (laptop)? I often see the following:

    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

where a default DROP policy is applied to both the INPUT and OUTPUT chains. I notice that with this configuration I can ping the localhost (as expected), but I can also ping the local IP address of the machine! Why is this the case with respect to the local IP address?

Is this the correct set of rules?

    iptables -A INPUT -i lo -s 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -o lo -d 127.0.0.1 -j ACCEPT

With this configuration I can ping the localhost (as expected) but NOT the local IP address of the machine :-) The local IP address of the machine is tied to a real interface such as eth0, and therefore there are no ping packets this time, as expected.

I presume the only traffic that should ever communicate with the "lo" interface is traffic to and from IP address 127.0.0.1.

Any comments are welcome.

Paddy.

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
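Added example, not part of the original post or of any netfilter code: a small Python model of the two rule sets above, applied to the echo requests a host sends to its own addresses. It assumes the Linux behaviour that a packet addressed to any of the host's own addresses (not only 127.0.0.1) is delivered over the lo interface, with the kernel using that same address as the source, and it uses the constructed address 192.0.2.10 to stand in for the eth0 address; the Packet, Rule and ping_local names are this example's own.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Model of a packet as seen by one filter chain. Assumption (Linux routing
# behaviour): traffic to any address owned by the host is delivered over "lo",
# so a ping to a local address passes OUTPUT (-o lo) and then INPUT (-i lo)
# with the same source and destination, whichever interface owns the address.
@dataclass(frozen=True)
class Packet:
    chain: str   # "INPUT" or "OUTPUT"
    iface: str   # the interface the chain sees: -i for INPUT, -o for OUTPUT
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    chain: str
    iface: Optional[str] = None   # -i / -o match, None means "any"
    src: Optional[str] = None     # -s match, address or CIDR
    dst: Optional[str] = None     # -d match, address or CIDR
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        if pkt.chain != self.chain:
            return False
        if self.iface is not None and pkt.iface != self.iface:
            return False
        if self.src is not None and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst is not None and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        return True


def verdict(rules: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.target
    return policy


# Constructed host: 127.0.0.1 on lo and an example address on eth0.
HOST_ADDRS = ["127.0.0.1", "192.0.2.10"]

# First rule set from the post: match on interface only.
RULES_IFACE_ONLY = [
    Rule("INPUT", iface="lo"),
    Rule("OUTPUT", iface="lo"),
]

# Second rule set from the post: interface plus the 127.0.0.1 address.
RULES_LO_127 = [
    Rule("INPUT", iface="lo", src="127.0.0.1"),
    Rule("OUTPUT", iface="lo", dst="127.0.0.1"),
]


def ping_local(rules: List[Rule], dst: str) -> Tuple[str, str]:
    """Verdicts (OUTPUT, INPUT) for one echo request from this host to one of its own addresses."""
    if dst not in HOST_ADDRS:
        raise ValueError("only locally owned destinations are modelled")
    # Assumption: the kernel selects the local destination itself as the source address.
    out = verdict(rules, Packet("OUTPUT", "lo", dst, dst))
    if out != "ACCEPT":
        return (out, "not reached")   # dropped on the way out, INPUT never sees it
    inp = verdict(rules, Packet("INPUT", "lo", dst, dst))
    return (out, inp)


if __name__ == "__main__":
    for name, rules in (("interface only", RULES_IFACE_ONLY), ("lo + 127.0.0.1", RULES_LO_127)):
        for addr in HOST_ADDRS:
            print(f"{name:15s} ping {addr:11s} -> OUTPUT/INPUT {ping_local(rules, addr)}")
```

Under the interface-only rules both the 127.0.0.1 and the 192.0.2.10 pings are accepted, because the echo request to the eth0 address still enters and leaves through lo; under the address-restricted rules the 192.0.2.10 ping is already dropped in OUTPUT, so INPUT never sees it. The model also makes the trade-off visible: pinning lo to exactly 127.0.0.1 excludes the rest of 127.0.0.0/8 and any local service reached through the eth0 address, so a ruleset that takes that approach should be checked against every local-address destination the host actually uses.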