* Quoting Uwe Hermann ([EMAIL PROTECTED]): > > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host > > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1 > > Correct me if I'm wrong, but I think this would also allow incoming > traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing > his IP address to appear to be 127.0.0.1 could send _any_ traffic > to you and you would ACCEPT it, basically rendering the firewall > useless. Did I miss anything?
Maybe this: | echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
