On Tuesday 2012-03-13 15:28, paddy joesoap wrote:

>Hi all,
>
>What are the correct local loopback iptables rules for a single hosted
>firewall (laptop)?
>
>I often see the following:
>
>iptables -A INPUT -i lo -j ACCEPT
>iptables -A OUTPUT -o lo -j ACCEPT
>
>where a default DROP policy is applied to both INPUT and OUTPUT chains.
>
>I notice with this configuration I can ping the localhost (as
>expected) but I also can ping the local IP address of the machine!

Well that's the whole point of loopback.

>Why is this the case with respect to the local IP address?
>
>Is this the correct set of rules?

No, because your local host has more addresses than just 127.0.0.1/32, and they very well want to be accessible.
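An added illustration of the point made in the reply (not part of the thread): the two interface-based rules already cover the host's LAN address, because the kernel routes any locally owned address over "lo". The script prints the ruleset under default DROP policies and uses `ip route get` (iproute2) to show which interface each local address takes; it applies nothing unless you pipe the printed rules to a root shell.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Linux with iptables and
# iproute2 installed; applying the rules requires root.

# Emit the loopback rules discussed in the thread, with default DROP policies.
# Matching on the interface (-i lo / -o lo) rather than on 127.0.0.1 is what
# keeps the host's other addresses (LAN IP, ::1, ...) reachable from itself.
loopback_rules() {
    cat <<'EOF'
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -A INPUT  -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
EOF
}

# Report the interface the kernel would send a packet out of for $1.
# For every address the host owns this is "lo", not the physical NIC.
route_dev() {
    ip route get "$1" 2>/dev/null | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Succeeds when traffic to $1 never leaves the loopback interface.
is_local_path() {
    [ "$(route_dev "$1")" = "lo" ]
}

# Show the rules, then check 127.0.0.1 and each configured IPv4 address.
loopback_rules
for addr in 127.0.0.1 $(hostname -I 2>/dev/null); do
    if is_local_path "$addr"; then
        echo "$addr -> dev lo (covered by the -i lo / -o lo rules)"
    else
        echo "$addr -> dev $(route_dev "$addr") (not loopback)"
    fi
done
```

To install the rules after reviewing them, run `loopback_rules | sudo sh`; on a stock host every address listed by `hostname -I` resolves to `dev lo`.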