On Thursday 06 March 2003 10:52 pm, Duncan wrote:
> On Thu 06 Mar 2003 15:25, allen posted as excerpted below:
> > And, interestingly, any 127.0.0.x will work nicely for local loopback.
> > Something to take special note of in IPTables rules, that. Don't deny
> > just 127.0.0.1 from external interfaces.

> The RFCs dedicate an entire /8 (formerly class A) to it. From RFC 1812:

Yeah. I noticed because my Linux box accepted that range, but Solaris didn't, local machine to itself.

> A router SHOULD NOT forward, except over a loopback interface, any packet
> that has a source address on network 127. []

Keywords "SHOULD NOT"

I have caught some of these coming through my cable modem once I noticed that my machine responds to more than just 127.0.0.1... I blocked off the whole 127.0.0.x and then noticed some crap coming through my external adapter to 127.0.0.x where x <> 1. Talk about yer mind opening security experiences...

> See also this thread (including a reply by Alan Cox, so it's on pretty good
> authority), which emphasizes setting the firewall right as well:
> http://www.uwsg.iu.edu/hypermail/linux/kernel/0209.2/0136.html

Yeah...
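An added example, not part of the original thread: a small first-match evaluator for iptables-save style lines, used to check whether a rule set drops the whole 127.0.0.0/8 on an external interface rather than only 127.0.0.1. The interface name `eth0`, both rule sets and the probe addresses are constructed assumptions, and only the `-A`, `-i`, `-s`, `-d`, `-j` options with `!` negation and terminating targets are modelled.

```python
import ipaddress
import shlex

def parse_rule(line):
    """Parse an iptables-save style line limited to -A, -i, -s, -d, -j and '!'."""
    rule = {"chain": None, "target": None, "matches": []}
    tokens, negate = iter(shlex.split(line)), False
    for tok in tokens:
        if tok == "!":
            negate = True
            continue
        val = next(tokens)
        if tok == "-A":
            rule["chain"] = val
        elif tok == "-j":
            rule["target"] = val
        elif tok in ("-i", "-s", "-d"):
            rule["matches"].append((tok, val, negate))
        else:
            raise ValueError(f"unsupported option: {tok}")
        negate = False
    return rule

def verdict(rules, iface, src, dst, chain="INPUT", policy="ACCEPT"):
    """First matching rule decides, as in an iptables chain; else the policy."""
    pkt = {"-i": iface, "-s": ipaddress.ip_address(src), "-d": ipaddress.ip_address(dst)}
    for rule in (r for r in rules if r["chain"] == chain):
        for opt, val, negate in rule["matches"]:
            hit = pkt[opt] == val if opt == "-i" else pkt[opt] in ipaddress.ip_network(val)
            if hit == negate:
                break  # this match failed, try the next rule
        else:
            return rule["target"]
    return policy

def loopback_leaks(ruleset, iface="eth0"):
    """Return the constructed 127/8 probes (src, dst) that are NOT dropped on iface."""
    rules = [parse_rule(l) for l in ruleset.splitlines() if l.startswith("-A")]
    probes = [("127.0.0.1", "192.0.2.10"), ("127.0.0.2", "192.0.2.10"),
              ("127.45.6.7", "192.0.2.10"), ("198.51.100.7", "127.0.0.2"),
              ("198.51.100.7", "127.255.255.254")]
    return [p for p in probes if verdict(rules, iface, *p) != "DROP"]

# Constructed rule sets: WEAK denies only 127.0.0.1, FIXED denies the whole /8.
WEAK = "-A INPUT -s 127.0.0.1/32 -i eth0 -j DROP"
FIXED = """-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.0/8 ! -i lo -j DROP
-A INPUT -d 127.0.0.0/8 ! -i lo -j DROP"""

if __name__ == "__main__":
    print("weak :", loopback_leaks(WEAK))
    print("fixed:", loopback_leaks(FIXED))
```

The evaluator does not model the kernel's own handling of loopback-addressed packets; it only shows what the filter rules themselves would let through.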
