Hi, > > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host > > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1 > > Correct me if I'm wrong, but I think this would also allow incoming > traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing > his IP address to appear to be 127.0.0.1 could send _any_ traffic > to you and you would ACCEPT it, basically rendering the firewall > useless. Did I miss anything? >
yes, i think this allow incoming spoofed traffic to eth0 (or it is "martian?") but the response must follow what found in routing table -> lo interfaces... am i wong? bye
