Hi,

On Thu, 05 Oct 2006 09:45:57 -0500
Michael Sullivan <[EMAIL PROTECTED]> wrote:

> On Thu, 2006-10-05 at 15:22 +0200, Hans-Werner Hilse wrote:
> > Yep. That's how it should be according to your iptables dump. I never
> > fought with ipkungfu, but I think the LOCAL_NET configuration opens
> > the door for the given network. At least that's how I interpret that
> > comment there that says you should enter loopback network data if not
> > sure. You probably should really do that.
> 
> I've configured it this way because the IP address of each of my
> computers will be changing once I get this firewall thing working.  I'll
> try that though.

Well, I meant: Networks listed in LOCAL_NET are probably _meant_ to
have full access. So what you describe is essentially a misconception
about what LOCAL_NET configures. And since there is a comment in
the ipkungfu config file that says you should enter 127.0.0.1 there, I
guess it is meant to generally allow traffic. And you'll probably want
to allow 127.0.0.1 anyway (if not even 127.0.0.0/8). That configuration
seems to end up in the iptables INPUT section right before a catch-all
that drops all other traffic, and that really makes me think that
everything is working fine, just as configured. Probably changing it to
the suggested "127.0.0.1" will "fix" the issue.

-hwh
-- 
gentoo-user@gentoo.org mailing list
