From owner-freebsd-ipfw Mon May 15 17:17:51 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from io.dreamscape.com (io.dreamscape.com [206.64.128.6]) by hub.freebsd.org (Postfix) with ESMTP id 5570C37B93E for ; Mon, 15 May 2000 17:17:49 -0700 (PDT) (envelope-from krentel@dreamscape.com)
Received: from dreamscape.com (sA22-p30.dreamscape.com [209.217.202.94]) by io.dreamscape.com (8.9.3/8.8.4) with ESMTP id UAA15113; Mon, 15 May 2000 20:16:46 -0400 (EDT)
X-Dreamscape-Track-A: sA22-p30.dreamscape.com [209.217.202.94]
X-Dreamscape-Track-B: Mon, 15 May 2000 20:16:46 -0400 (EDT)
Received: (from krentel@localhost) by dreamscape.com (8.9.3/8.9.3) id UAA02420; Mon, 15 May 2000 20:16:43 -0400 (EDT) (envelope-from krentel)
Date: Mon, 15 May 2000 20:16:43 -0400 (EDT)
From: "Mark W. Krentel"
Message-Id: <200005160016.UAA02420@dreamscape.com>
To: archie@whistle.com
Subject: Re: rc.firewall rule 200
Cc: freebsd-ipfw@FreeBSD.ORG
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> The point of these two rules is to disallow someone on another
> (locally networked) machine from doing this:
>
> ifconfig lo0 down delete
> route add 127.0.0.0
> telnet 127.0.0.1

Ok, good point. But this attack can only be launched from one hop away, right? A legitimate machine would not forward a packet destined for 127.0.0.1, so the attacker has to be one hop away.

But my original question still stands. Isn't it equally important to block packets from 127.0.0.0/8 that are not over loopback? On the gateway machine for a local network, you would certainly block spoofing of the network's internal addresses. And indeed, the "simple" type in rc.firewall does this. So, don't you also want to block spoofing of 127.0.0.1?

--Mark

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ipfw" in the body of the message
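To make the rule-ordering question in this thread concrete, here is an added example (not part of the original message, and not FreeBSD's rc.firewall script) that models ipfw's first-match evaluation over a small rule set: rule 100 passes everything via lo0, rule 200 denies anything destined to 127.0.0.0/8, and a rule 300 denying anything sourced from 127.0.0.0/8 stands in for the check Mark is asking about. The rule numbers 100 and 200 come from the thread; rule 300, the interface name `fxp0`, the 192.168.1.0/24 addresses and the trailing catch-all pass rule (a stand-in for the rest of a real rule set, where the kernel default would normally deny) are assumptions for illustration. Running the same spoofed packet with and without rule 300 shows what the extra rule buys a defender.

```python
import ipaddress
from dataclasses import dataclass

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


@dataclass(frozen=True)
class Packet:
    """A constructed IP packet: source, destination, and the interface it traverses."""
    src: str
    dst: str
    iface: str  # e.g. "lo0" for loopback, "fxp0" for an Ethernet NIC (assumed name)


# Rule tuple: (number, action, src_net, dst_net, via_iface); None means "any".
# Evaluation is first match wins, the way ipfw walks its rule list.
RULES_WITH_300 = [
    (100, "pass", None, None, "lo0"),           # pass all from any to any via lo0
    (200, "deny", None, LOOPBACK_NET, None),    # deny all from any to 127.0.0.0/8
    (300, "deny", LOOPBACK_NET, None, None),    # deny all from 127.0.0.0/8 to any (the proposed rule)
    (65000, "pass", None, None, None),          # assumed stand-in for the remaining rules
]

# The same set without the source-side loopback check.
RULES_WITHOUT_300 = [r for r in RULES_WITH_300 if r[0] != 300]


def evaluate(rules, pkt):
    """Return (rule_number, action) of the first rule matching pkt."""
    src_ip = ipaddress.ip_address(pkt.src)
    dst_ip = ipaddress.ip_address(pkt.dst)
    for num, action, src_net, dst_net, via in rules:
        if src_net is not None and src_ip not in src_net:
            continue
        if dst_net is not None and dst_ip not in dst_net:
            continue
        if via is not None and pkt.iface != via:
            continue
        return num, action
    raise RuntimeError("rule set has no terminal rule")


# Constructed sample traffic.
LOCAL_LOOPBACK = Packet("127.0.0.1", "127.0.0.1", "lo0")          # legitimate local traffic
TO_LOOPBACK_FROM_LAN = Packet("192.168.1.5", "127.0.0.1", "fxp0")  # the one-hop case quoted above
SPOOFED_LOOPBACK_SRC = Packet("127.0.0.1", "192.168.1.1", "fxp0")  # source spoofed as loopback
ORDINARY_LAN = Packet("192.168.1.5", "192.168.1.1", "fxp0")        # normal LAN traffic


def compare():
    """Show how each packet fares with and without the source-side rule."""
    return {
        "loopback_via_lo0": (
            evaluate(RULES_WITHOUT_300, LOCAL_LOOPBACK),
            evaluate(RULES_WITH_300, LOCAL_LOOPBACK),
        ),
        "to_loopback_from_lan": (
            evaluate(RULES_WITHOUT_300, TO_LOOPBACK_FROM_LAN),
            evaluate(RULES_WITH_300, TO_LOOPBACK_FROM_LAN),
        ),
        "spoofed_loopback_source": (
            evaluate(RULES_WITHOUT_300, SPOOFED_LOOPBACK_SRC),
            evaluate(RULES_WITH_300, SPOOFED_LOOPBACK_SRC),
        ),
        "ordinary_lan": (
            evaluate(RULES_WITHOUT_300, ORDINARY_LAN),
            evaluate(RULES_WITH_300, ORDINARY_LAN),
        ),
    }


if __name__ == "__main__":
    for name, (without, with_) in compare().items():
        print(f"{name:24s} without rule 300: {without}   with rule 300: {with_}")
```

The interesting row is the spoofed-source packet: rule 200 never sees it because its destination is a LAN address, so without a source-side rule it falls through to whatever comes later in the set, while with rule 300 it is dropped. Rule 100 sitting first keeps genuine loopback traffic unaffected by either deny rule.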