>> Steve Holdoway wrote:
>>
>> iptables -F INPUT
>> iptables -A INPUT -s <ipaddress> -j DROP ( x 10 )
>>
>> Using this method, it also stops access to localhost.
>> What am I missing???
>>
>
> On Fri, May 12, at 12:32:57PM, Craig FALCONER wrote:
>
> iptables -A INPUT -s 127.0.0.1 -j ACCEPT
> iptables -A INPUT -s <localnetwork> -j ACCEPT
127.0.0.1 and <localnetwork> are reserved addresses that can be spoofed in packets coming from external hosts, so you should add rules that apply to the input -i and output -o interfaces, not just a -s <ipaddress>.

# loopback rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# drop addresses that may be spoofed from external hosts
iptables -A INPUT -i ppp0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i ppp0 -s 192.168.0.0/16 -j DROP

--
keith
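Building on Keith's reply, here is an added example (not code from any of the posters) that generates the whole INPUT policy in iptables-restore form: loopback and the LAN are accepted by interface, reserved ranges are dropped on the external link, and the per-host block list from Steve's first message follows. The names ppp0 and eth0, the LAN prefix 192.168.1.0/24, the 203.0.113.x hosts, and the extra 172.16/12 and 127/8 ranges are assumptions beyond what the thread names.

```shell
#!/bin/sh
# Added example, not from the thread: an INPUT policy built on Keith's point.
# Loopback and the LAN are accepted by interface (-i), never by a spoofable
# source address, and reserved ranges arriving on the external interface are
# dropped before the per-host block list from the first message.
# Interface names, the LAN prefix and the blocked hosts are placeholders.

# Source ranges that never legitimately arrive from the outside. The thread
# names 10/8 and 192.168/16; 172.16/12 and 127/8 are added for the same reason.
SPOOFABLE="127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16"

# gen_rules EXT_IF INT_IF LOCAL_NET "HOST HOST ..."
# Emits the ruleset in iptables-restore format so it loads atomically.
gen_rules() {
    ext="$1"; int="$2"; lan="$3"; hosts="$4"
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Loopback: match the interface, not 127.0.0.1 as a source.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Private/reserved sources on the external link are spoofed: drop them.
    for net in $SPOOFABLE; do
        echo "-A INPUT -i $ext -s $net -j DROP"
    done
    # The per-host block list ("x 10" in the original question).
    for h in $hosts; do
        echo "-A INPUT -s $h -j DROP"
    done
    # LAN traffic is accepted only when it arrives on the inside interface.
    echo "-A INPUT -i $int -s $lan -j ACCEPT"
    # Replies to connections this host opened.
    echo '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT'
    echo 'COMMIT'
}

# Number of DROP rules in the generated set, for a quick sanity check.
count_drops() {
    gen_rules "$@" | grep -c -- '-j DROP'
}

# Constructed sample values; "apply" loads the set, anything else prints it.
HOSTS="203.0.113.10 203.0.113.11 203.0.113.12"
if [ "$1" = apply ]; then
    gen_rules ppp0 eth0 192.168.1.0/24 "$HOSTS" | iptables-restore
else
    gen_rules ppp0 eth0 192.168.1.0/24 "$HOSTS"
fi
```

Because the set is loaded through iptables-restore, a typo in any rule rejects the whole file instead of leaving the chain half-built.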
