Hi,
> > iptables -A INPUT -j ACCEPT -s 127.0.0.1 # local host
> > iptables -A OUTPUT -j ACCEPT -d 127.0.0.1
>
> Correct me if I'm wrong, but I think this would also allow incoming
> traffic from 127.0.0.1 to the eth0 interface. So somebody spoofing
> his IP address to appear to be 127.0.
Hi,
You have FORWARD policy set to DROP (not by default but by rule) -> you don't
need "echo ... /ip_forward"
I don't like to log everything it drops; it can fill up a partition, and
that is not good :)
bye
> Your iptables scares me a bit, do we really have to do all that stuff
> like "echo to /