From: Paul Traina
Date: Sat, 2 Feb 2002 08:49:38 -0800
To: Giorgos Keramidas
Cc: Stefan `Sec` Zehl, Ruslan Ermilov, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/netinet ip_output.c
Message-ID: <20020202164938.GA5777@pst.org>
In-Reply-To: <20020202140147.GA71238@hades.hell.gr>
References: <200202011042.g11Ag9U93410@freefall.freebsd.org> <20020202123007.GA19270@matrix.42.org> <20020202140147.GA71238@hades.hell.gr>

Please don't hard-code this. We've seen some people actually use the
loopback network as their internal (to their AS) network. Loopback means
different things to different people. It's the same thing as the firewall
stuff.

On Sat, Feb 02, 2002 at 04:01:48PM +0200, Giorgos Keramidas wrote:
> On 2002-02-02 13:30, Stefan `Sec` Zehl wrote:
> > On Fri, Feb 01, 2002 at 02:42:09AM -0800, Ruslan Ermilov wrote:
> > > ru 2002/02/01 02:42:09 PST
> > >
> > > Modified files: (Branch: RELENG_4)
> > > sys/netinet ip_output.c
> > > Log:
> > > MFC: 1.148: { 127, } MUST NOT appear outside a host.
> >
> > Wouldn't preventing FreeBSD to receive 127.x from non-loopback
> > interfaces make more sense than preventing to send it?
>
> That's probably OK too. I've used a firewall for similar filtering
> until now. For instance, packets from/to one of the address blocks
> listed in RFC 1918 should never appear on my dialup interface.
>
> Since the local configuration is not known to the kernel, filtering of
> rfc1918 addresses can only be done with a firewall, but about loopback
> interfaces you're right that ip_input() should probably be changed too.
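
The checks discussed in this thread, as an added example that is not code from the thread or from FreeBSD's ip_output.c: a user-space model of one filter applied in both directions, with the 127/8 rule behind a switch and the RFC 1918 rule as per-interface administrator policy. The `struct iface` fields, `enforce_loopback_rule`, `packet_allowed` and all sample addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                        ((uint32_t)(c) << 8) | (uint32_t)(d))

/* Hypothetical interface model; these field names are not FreeBSD's. */
struct iface {
    bool loopback;      /* interface is a loopback interface */
    bool deny_rfc1918;  /* administrator policy, e.g. set on a dialup link */
};

/* Hypothetical tunable: a site that reuses 127/8 internally can switch it off. */
static bool enforce_loopback_rule = true;

static bool in_net(uint32_t addr, uint32_t net, uint32_t mask)
{
    return (addr & mask) == net;
}

static bool is_loopback_net(uint32_t a)
{
    return in_net(a, IP(127, 0, 0, 0), 0xff000000u);
}

static bool is_rfc1918(uint32_t a)
{
    return in_net(a, IP(10, 0, 0, 0), 0xff000000u) ||
           in_net(a, IP(172, 16, 0, 0), 0xfff00000u) ||
           in_net(a, IP(192, 168, 0, 0), 0xffff0000u);
}

/* Same test for input and output: true means the packet may cross ifp. */
bool packet_allowed(const struct iface *ifp, uint32_t src, uint32_t dst)
{
    if (enforce_loopback_rule && !ifp->loopback &&
        (is_loopback_net(src) || is_loopback_net(dst)))
        return false;   /* 127/8 seen on a non-loopback interface */
    if (ifp->deny_rfc1918 && (is_rfc1918(src) || is_rfc1918(dst)))
        return false;   /* private space where local policy forbids it */
    return true;
}

int main(void)
{
    struct iface lo = { true, false }, ppp = { false, true };  /* constructed */
    printf("%d %d %d\n", packet_allowed(&lo, IP(127, 0, 0, 1), IP(127, 0, 0, 1)),
           packet_allowed(&ppp, IP(127, 0, 0, 1), IP(192, 0, 2, 7)),
           packet_allowed(&ppp, IP(192, 0, 2, 7), IP(172, 31, 255, 1)));
    return 0;
}
```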