- Subject: Re: comments about local loopback interface rule granularity
- From: Gáspár Lajos <swifty@xxxxxxxxxxx>
- Date: Tue, 13 Mar 2012 16:17:58 +0100
- Cc: netfilter@xxxxxxxxxxxxxxx
- In-reply-to: <CAMmbHwnH1YSW8vFJu2aoFSnY-vSDRS9KtGdhSe2G=tdyhGgmsg@mail.gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:8.0) Gecko/20120216 Icedove/8.0
Hi,
2012-03-13 15:28 keltezéssel, paddy joesoap írta:
I often see the following:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
where a default DROP policy is applied to both INPUT and OUTPUT chains.
Just a side note.
I always use these rules because:
- I just enable something and deny everything else... (ACCEPT the
specified and DROP as the policy).
- I want my local services run "as fas as they can"... (I use the
rules above as the first rule in the chain. Be aware that you can use
the rules above in the raw, mangle and filter tables too..)
- I do not think that there is anything filterable on the "lo" interface.
Swifty
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
[Linux Netfilter Development]
[Linux Kernel Networking Development]
[Linux Networking Development]
[Linux Kernel Development]
[Linux Resources]
[LARTC]
[Bugtraq]
[Consulting]
[Free Internet Dating]
[Yosemite Forum]
[Photo]
