On 08.01.2016 16:24, prmarino1@xxxxxxxxx wrote:
Don't put a public address on a lo device; use a dummy eth interface instead. Any IP address and its subnet assigned to a lo device is marked as a martian address, and the traffic is dropped if it tries to leave the lo device.
O_o
I know that there is some old documentation out there (for example Quagga's documentation) that says you can do it, but it's been wrong since the 2.4 version of the kernel. Linux treats the lo device differently than what routers call a loopback device. The dummy driver is the Linux equivalent of what routers call a loopback device.
What you write seems odd to me; we don't treat lo devices differently from dummy devices with respect to binding a public IP address on them.
Bye, Hannes