On Thu 06 Mar 2003 15:25, allen posted as excerpted below:
>
> And, interestingly, any 127.0.0.x will work nicely for local loopback.
>
> I doubt it is supposed to be that way, but it is that way.
>
> Something to take special note of in IPTables rules, that.  Don't deny
> just 127.0.0.1 from external interfaces.

The RFCs dedicate an entire /8 (formerly class A) to it.  From RFC 1812:

<quote>

5.3.7 Martian Address Filtering []

A router SHOULD NOT forward, except over a loopback interface, any packet that 
has a source address on network 127.  []

A router SHOULD NOT forward, except over a loopback interface, any packet that 
has a destination address on network 127.  []

</quote>

See also this thread (including a reply by Alan Cox, so it's on pretty good 
authority), which emphasizes setting the firewall right as well:

http://www.uwsg.iu.edu/hypermail/linux/kernel/0209.2/0136.html

The above quote and link courtesy of Google..

-- 
Duncan
"They that can give up essential liberty to obtain a little
temporary safety, deserve neither liberty nor safety." --
Benjamin Franklin
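
The filtering point made in this thread, as an added example that is not part of the original post: a simplified Python check over `iptables-save` text that reports which parts of 127.0.0.0/8 a given interface still lets through before its first ACCEPT. The rulesets, the interface name `eth0` and the function names are constructed for illustration; it assumes IPv4 rules in `iptables-save` format and conservatively stops at any ACCEPT that can apply to the interface.

```python
import ipaddress
import shlex

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")  # "network 127" in RFC 1812 5.3.7
PLAIN = {"-s", "-i", "-j", "-m", "--comment"}   # options a catch-all drop may carry

# Constructed iptables-save excerpts (not from the post); WEAK denies only 127.0.0.1.
WEAK = """-A INPUT -i lo -j ACCEPT
-A INPUT -s 127.0.0.1/32 ! -i lo -j DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"""
STRONG = WEAK.replace("127.0.0.1/32", "127.0.0.0/8")

def parse_rule(line):
    """Parse one '-A CHAIN ...' line into (chain, {option: (negated, value)})."""
    if not line.startswith("-A "):
        return None
    tok = shlex.split(line)
    opts, i, neg = {}, 2, False
    while i < len(tok):
        if tok[i] == "!":
            neg, i = True, i + 1
            continue
        has_val = i + 1 < len(tok) and not tok[i + 1].startswith(("-", "!"))
        opts[tok[i]] = (neg, tok[i + 1] if has_val else None)
        neg, i = False, i + (2 if has_val else 1)
    return tok[1], opts

def uncovered_loopback(ruleset, iface, chain="INPUT"):
    """Parts of 127.0.0.0/8 not yet dropped on iface when the first ACCEPT is hit."""
    remaining = [LOOPBACK]
    for line in ruleset.splitlines():
        rule_chain, opts = parse_rule(line.strip()) or (None, {})
        if rule_chain != chain:
            continue
        # A missing -i matches every interface; model it as "not <no interface>".
        in_neg, in_name = opts.get("-i", (True, None))
        if (in_name == iface) == in_neg:   # rule's -i match excludes this interface
            continue
        target = opts.get("-j", (False, None))[1]
        if target == "ACCEPT":
            break  # conservative: a drop placed after an ACCEPT may never be reached
        neg, src = opts.get("-s", (False, None))
        if target not in ("DROP", "REJECT") or not src or neg or set(opts) - PLAIN:
            continue
        net = ipaddress.ip_network(src, strict=False)
        # Keep what the rule does not cover: r whole, or r minus the dropped subnet.
        remaining = [p for r in remaining if not r.subnet_of(net)
                     for p in (r.address_exclude(net) if net.subnet_of(r) else [r])]
    return sorted(remaining)
```

An empty list from `uncovered_loopback(ruleset, "eth0")` means the whole /8 is dropped on that interface ahead of any ACCEPT; anything else lists the loopback ranges still reachable from it.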

