23 May 2006 02:04, Uwe Hermann <[EMAIL PROTECTED]> -> George Hein <[EMAIL PROTECTED]>, debian-laptop@lists.debian.org, debian-security@lists.debian.org:
> > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host
> > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
>
> Correct me if I'm wrong, but I think this would also allow incoming
> traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
> his IP address to appear to be 127.0.0.1 could send _any_ traffic
> to you and you would ACCEPT it, basically rendering the firewall
> useless. Did I miss anything?
>
> The following should be better, as it only allows traffic to/from the
> loopback interface (but not eth0 or what have you)...
>
> iptables -A INPUT -i lo -j ACCEPT
> iptables -A OUTPUT -o lo -j ACCEPT
>
But if one can spoof 127.0.0.1, then one can spoof anything else, so creating any rule with an IP address match is useless. No? If I set up my firewall to accept only my local network (e.g. -s 192.168.0.0/255.255.255.0) connecting to a port (e.g. smtp), then anyone can spoof that too. So what's the point of creating rules? :)
Daniel -- LeVA
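The difference between the two rule sets discussed in the thread, as an added illustration that is not part of the original mail exchange: a small simulator of first-match chain evaluation, fed with constructed packets. It assumes a default INPUT policy of DROP and adds one explicit martian rule (`! -i lo -s 127.0.0.0/8 -j DROP`) that neither poster wrote; the point it makes is that the arrival interface is set by the local kernel and cannot be chosen by a remote sender, whereas the source address can.

```python
import ipaddress

def rule_matches(rule, pkt):
    """One iptables-style rule: every predicate present must match."""
    if "in_iface" in rule:
        same = rule["in_iface"] == pkt["in_iface"]
        if same == rule.get("negate_iface", False):   # "-i lo" vs "! -i lo"
            return False
    if "src" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"]):
        return False
    return True

def chain_verdict(chain, pkt, policy="DROP"):
    """First matching rule terminates the chain, as in iptables; else the policy applies."""
    for rule in chain:
        if rule_matches(rule, pkt):
            return rule["target"]
    return policy

# Rule set quoted in the thread: trusts the source *address*.
BY_ADDRESS = [
    {"src": "127.0.0.1/32", "target": "ACCEPT"},          # iptables -A INPUT -s 127.0.0.1 -j ACCEPT
]

# Rule set from the reply: trusts the *interface*, plus an explicit martian
# drop that is my addition (hypothetical, not from the thread).
BY_INTERFACE = [
    {"in_iface": "lo", "negate_iface": True, "src": "127.0.0.0/8", "target": "DROP"},
    {"in_iface": "lo", "target": "ACCEPT"},               # iptables -A INPUT -i lo -j ACCEPT
]

# Constructed packets (not captured traffic): genuine loopback traffic, and a
# packet arriving on eth0 whose source address claims to be 127.0.0.1.
PACKETS = {
    "genuine_lo":   {"in_iface": "lo",   "src": "127.0.0.1"},
    "spoofed_eth0": {"in_iface": "eth0", "src": "127.0.0.1"},
}

def compare():
    """Verdict of each rule set for each packet, keyed by (ruleset, packet)."""
    return {
        (name, pname): chain_verdict(chain, pkt)
        for name, chain in (("by_address", BY_ADDRESS), ("by_interface", BY_INTERFACE))
        for pname, pkt in PACKETS.items()
    }

if __name__ == "__main__":
    for key, verdict in sorted(compare().items()):
        print(key, verdict)
```

On Linux the kernel already discards a 127.0.0.0/8 source arriving on a non-loopback interface as a martian (unless route_localnet is enabled on that interface), so the explicit DROP rule mainly makes the intent visible in the firewall itself; the `-i lo` match remains the robust way to admit local traffic.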