On Sun, 2009-08-16 at 19:17 +1200, Amos Jeffries wrote:
> Aha. Just connect() then? not really bind() or listen()?

Correct. Bind to 0.0.0.0 is "any address".

> I'm thinking that aliasing has already been done before Squid gets such
> packets at the 'other end'. So that we only see the real localhost IP if
> it's intercepted. Right?

0.0.0.0 is not valid for use on the wire. I would expect stacks to discard such packets.

> Problem might be DNS on forward proxy traffic, but that's validated out
> of existence to a NXDOMAIN.

?

> Leaving only hosts file entries. I know 0.0.0.0 is used to boganize
> domain names at times.

Because it doesn't resolve!

> For the intended use of the ACL as you highlight, yes I agree it's a
> good change. It may not be good for the reality situation though.

Well, it's the same thing so doesn't matter really.

> What about a bogons ACL for less confusion?

dst 0.0.0.0 is not more bogon than dst 127.0.0.1.

Regards
Henrik
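
The ACL point discussed in this thread, as an added example that is not part of the original messages or of Squid's code: a destination check that treats `dst 0.0.0.0` the same as `dst 127.0.0.1`. It assumes, as the thread does, that connect() to 0.0.0.0 reaches the local host; the IPv6 entries, the IPv4-mapped handling and all names below go beyond the thread and are illustrative assumptions.

```python
import ipaddress

# Constructed ACL modelled on a "destination is this host" rule.
# 0.0.0.0/32 sits beside 127.0.0.0/8 because a proxy that connect()s to
# 0.0.0.0 ends up talking to itself (assumption taken from the thread).
# The IPv6 entries are an added generalisation, not from the thread.
TO_LOCALHOST = [ipaddress.ip_network(n) for n in
                ("127.0.0.0/8", "0.0.0.0/32", "::1/128", "::/128")]


def normalise(addr):
    """Parse addr and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) to IPv4."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def matches(acl, addr):
    """True if addr falls inside any network of the ACL."""
    ip = normalise(addr)
    return any(ip.version == net.version and ip in net for net in acl)


def decide(resolved):
    """Deny a request if ANY address the destination resolved to matches.

    Checking every address matters: a name can carry several records,
    and one harmless record must not hide a localhost-equivalent one.
    """
    hits = [a for a in resolved if matches(TO_LOCALHOST, a)]
    return ("deny", hits) if hits else ("allow", [])


if __name__ == "__main__":
    # Constructed sample destinations (192.0.2.0/24 is documentation space).
    for dst in (["127.0.0.1"], ["0.0.0.0"], ["192.0.2.10"],
                ["192.0.2.10", "::ffff:0.0.0.0"], ["0.0.0.1"]):
        print(dst, "->", decide(dst))
```
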