I want the first rules that packets encounter to be my DROP_CHAIN, which weeds out suspicious packets, including packets addressed to and from 127.0.0.1 (loopback):
# -------------------------------------------------------------
$IPTABLES -t filter -P INPUT DROP
$IPTABLES -t filter -P OUTPUT DROP
$IPTABLES -t filter -P FORWARD DROP

$IPTABLES -t filter -A INPUT -j DROP_CHAIN
$IPTABLES -t filter -A OUTPUT -j DROP_CHAIN
$IPTABLES -t filter -A FORWARD -j DROP_CHAIN

$IPTABLES -t filter -A INPUT -i $LOOPBACK_INTERFACE -j ACCEPT
$IPTABLES -t filter -A OUTPUT -o $LOOPBACK_INTERFACE -j ACCEPT
# ------------------------------------------------------------

How can I make DROP_CHAIN drop bogus 127.0.0.1-addressed packets but still allow **legitimate** loopback traffic?

Chris

--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
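One way to get the behaviour asked about above, as an added example that is not part of the original post: decide "legitimate" by interface rather than by address, in a sub-chain that DROP_CHAIN jumps to. The chain name LO_SPOOF and the dry-run default for $IPTABLES are assumptions made for this example; DROP_CHAIN and $LOOPBACK_INTERFACE are the poster's names.

```shell
#!/bin/sh
# Added example, not the poster's script.
# Dry-run by default: the rules are printed, not installed.
# Set IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"
LOOPBACK_INTERFACE="${LOOPBACK_INTERFACE:-lo}"
LOOPBACK_NET="127.0.0.0/8"

# LO_SPOOF is a hypothetical helper chain. DROP_CHAIN is jumped to from
# INPUT, OUTPUT and FORWARD, so a single negated match such as
# "! -i lo -s 127.0.0.0/8" would also hit locally generated packets in
# OUTPUT, where no input interface is set. Two RETURN rules avoid that.
loopback_spoof_rules() {
    $IPTABLES -t filter -N LO_SPOOF

    # Legitimate loopback traffic is identified by the interface it uses:
    # received on lo (INPUT) or leaving via lo (OUTPUT). RETURN goes back
    # to DROP_CHAIN, so its remaining checks still run and the poster's
    # "-i lo -j ACCEPT" / "-o lo -j ACCEPT" rules still make the decision.
    $IPTABLES -t filter -A LO_SPOOF -i "$LOOPBACK_INTERFACE" -j RETURN
    $IPTABLES -t filter -A LO_SPOOF -o "$LOOPBACK_INTERFACE" -j RETURN

    # Anything that reaches this point is on a real interface. A packet
    # there with a loopback source or destination address is bogus.
    $IPTABLES -t filter -A LO_SPOOF -s "$LOOPBACK_NET" -j DROP
    $IPTABLES -t filter -A LO_SPOOF -d "$LOOPBACK_NET" -j DROP

    # Hook the check into the existing chain. This takes the place of any
    # unconditional "-s 127.0.0.1 -j DROP" style rule in DROP_CHAIN.
    $IPTABLES -t filter -A DROP_CHAIN -j LO_SPOOF
}

loopback_spoof_rules
```

Matching on the interface also covers traffic a host sends to its own non-127 address, which travels over lo without carrying a 127.0.0.0/8 address.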
