On Wed, Jan 26, 2000 at 08:24:00AM +0200, Michael Wood wrote: > > ipchains -A input -j ACCEPT -i lo > > ipchains -A output -j ACCEPT -i lo > > As far as I know this is safe, but perhaps someone you should > get the opinion of some other people :)
And why is it safe? Anti-spoofing? > If you want to make sure, you could do that, but I think your > rules are wrong. Won't the machine always use the same source > and dest addresses for stuff sent/received over lo? No. I once had such a set of rules and found out the hard way that I couldn't traceroute localhost because it had the real ip address as source. Michael -- Michael Meskes | Go SF 49ers! Th.-Heuss-Str. 61, D-41812 Erkelenz | Go Rhein Fire! Tel.: (+49) 2431/72651 | Use Debian GNU/Linux! Email: [email protected] | Use PostgreSQL!
