* Quoting LeVA ([EMAIL PROTECTED]):
> > iptables -A INPUT -i lo -j ACCEPT
> > iptables -A OUTPUT -o lo -j ACCEPT
>
> But if one can spoof 127.0.0.1, then one can spoof anything else, so creating
> any rule with an ip address matching is useless. No? If I set up my firewall
> to accept only my local network (eg. -s 192.168.0.0/255.255.255.0) connecting
> to a port (eg. smtp), then anyone can spoof that too. So what's the point of
> creating rules? :)
The script under scrutiny was intended for a laptop. A router or firewall
setup is something different and should not route traffic with spoofed
addresses. rp_filter should catch this easily, if you can use it. If not, an
IP-based rule is ok, IMHO.

- Rolf

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe".
Trouble? Contact [EMAIL PROTECTED]
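The two cases Rolf distinguishes, as an added example that is not part of the thread and not anyone's posted script: for the laptop, the `-i lo` accept rule is only safe if packets that merely claim a 127.0.0.0/8 source but arrive on a real interface are dropped; for a router, the same idea applies to packets arriving on the outside interface with an inside (LAN) source address. The interface name `eth0` and the prefix `192.168.0.0/24` are assumptions for illustration, and the functions print the iptables commands rather than running them so the ruleset can be reviewed (or piped to `sh` as root). `rp_filter_enabled` reads the kernel's strict reverse-path setting from `/proc`; the path is a parameter so it can be checked against any interface's entry.

```shell
#!/bin/sh
# Added example, not the list poster's script. Assumes the rest of the
# firewall already sets a DROP policy on INPUT; rules below are appended.

# Laptop case: trust the loopback *interface*, not the loopback *address*.
# Order matters: accept lo first, then drop anything that claims a
# 127.0.0.0/8 source or destination but did not come in on lo.
loopback_antispoof_rules() {
    cat <<'EOF'
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
iptables -A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
EOF
}

# Router/firewall case: a packet with a LAN source address must not arrive
# on the untrusted interface. $1 = outside interface (assumed eth0),
# $2 = trusted LAN prefix (assumed 192.168.0.0/24). After this rule an
# "-s $lan -p tcp --dport smtp -j ACCEPT" rule can no longer be satisfied
# by a spoofed packet from outside.
router_antispoof_rules() {
    wan=${1:-eth0}
    lan=${2:-192.168.0.0/24}
    cat <<EOF
iptables -A INPUT -i $wan -s $lan -j DROP
iptables -A FORWARD -i $wan -s $lan -j DROP
EOF
}

# Kernel-side equivalent: strict reverse-path filtering. These are the
# sysctl lines to put in /etc/sysctl.conf (or feed to "sysctl -p").
rp_filter_sysctl() {
    cat <<'EOF'
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
EOF
}

# Return 0 if strict rp_filter (value 1) is on for the given /proc entry.
# Default path is the "all" entry; pass e.g.
# /proc/sys/net/ipv4/conf/eth0/rp_filter to check one interface.
rp_filter_enabled() {
    f=${1:-/proc/sys/net/ipv4/conf/all/rp_filter}
    [ -r "$f" ] || return 2
    [ "$(cat "$f")" = "1" ]
}

# Usage (review first, then run as root):
#   loopback_antispoof_rules; router_antispoof_rules eth0 192.168.0.0/24
#   loopback_antispoof_rules | sh
#   rp_filter_enabled || echo "rp_filter is off; rely on the IP-based rules"
```

Note that rp_filter only rejects a packet when the route back to its source would leave via a different interface than the one it arrived on, so on a box with a single interface it does nothing for 127.0.0.0/8 spoofing; the explicit `! -i lo` rules are what cover that case.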