Micah Anderson <[EMAIL PROTECTED]> writes:

> Ah, looking at my firewall I've got:
> -A output -s 127.0.0.1/255.0.0.0 -d 127.0.0.1/255.0.0.0 -p 17 -j ACCEPT
> -A output -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l
> -A output -s 0.0.0.0/0.0.0.0 -d 127.0.0.0/255.0.0.0 -j REJECT -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
> -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY -l
>
> So from what you are saying I should add:

You should stop filtering loopback, as this is useless (one exception: It is possible to trick a malconfigured proxy into talking to internal services via 'lo'.)

> Should these be allowable from 127.0.0.1 to anywhere?

127.0.0.1 is a 'virtual' interface which in reality is always the machine itself.

-- 
SIGSTOP
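
The proxy exception mentioned in the reply above is closed in the proxy, not in the packet filter. The following is an added example, not part of the original message: a destination check a proxy could run before connecting. The function names, the sample hostnames and the constructed DNS table are assumptions made for illustration.

```python
import ipaddress
import socket


def is_local_target(addr):
    """True if this IP literal is delivered to the proxy host itself."""
    ip = ipaddress.ip_address(addr)
    # ::ffff:127.0.0.1 ends up on the IPv4 loopback, so unwrap mapped addresses.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    # 0.0.0.0 and :: are included: on Linux, connecting to them reaches the local host.
    return ip.is_loopback or ip.is_unspecified


def system_resolver(host, port):
    """Every address the name maps to, according to the system resolver."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def proxy_may_connect(host, port, resolver=system_resolver):
    """Judge the resolved addresses, not the name the client supplied."""
    try:
        addrs = resolver(host, port)
        return bool(addrs) and not any(is_local_target(a) for a in addrs)
    except (OSError, ValueError):
        return False  # fail closed on resolution or parse errors


# Constructed records standing in for DNS so the example runs offline.
SAMPLE_DNS = {
    "www.example.org": ["192.0.2.10"],
    "intranet.example.net": ["127.0.0.1"],
    "mixed.example.net": ["192.0.2.10", "127.0.0.53"],
}


def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # unknown names are treated as literals


if __name__ == "__main__":
    for name in ["www.example.org", "intranet.example.net", "mixed.example.net",
                 "127.8.9.10", "::ffff:127.0.0.1", "0.0.0.0"]:
        print(name, proxy_may_connect(name, 80, sample_resolver))
```

The proxy then has to connect to one of the addresses it checked, not resolve the name a second time, or the check and the connection can disagree.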

