Date: Thu, 04 Nov 2021 13:03:29 +0000
From: Jamie Landeg-Jones <jamie@catflap.org>
To: shuriku@shurik.kiev.ua, freebsd-net@FreeBSD.org
Subject: Re: netmask for loopback interfaces
Message-ID: <202111041303.1A4D3T0r091830@donotpassgo.dyslexicfish.net>
In-Reply-To: <3244c917-d08a-c72b-5b5a-f74233cf47f5@shurik.kiev.ua>
References: <202111032301.1A3N121R075694@mail.karels.net> <3244c917-d08a-c72b-5b5a-f74233cf47f5@shurik.kiev.ua>

Oleksandr Kryvulia <shuriku@shurik.kiev.ua> wrote:

> 04.11.21 01:01, Mike Karels wrote:
> > I have a pending change to stop using class A/B/C netmasks when setting
> > an interface address without an explicit mask, and instead to use a default
> > mask (24 bits). A question has arisen as to what the default mask should
> > be for loopback interfaces. The standard 127.0.0.1 is added with an 8 bit
> > mask currently, but additions without a mask would default to 24 bits.
> > There is no warning for missing masks for loopback in the current code.
> > I'm not convinced that the mask has any meaning here; only a host route
> > to the assigned address is created. Does anyone know of any meaning or
> > use of the mask on a loopback address?
> >
> > Thanks,
> > Mike
> >
>
> /8 mask on loopback prevents using the 127.x.x.x network anywhere
> outside of the localhost. This is described in RFC 5735 [1] and 1122 [2]
>
> [1] https://datatracker.ietf.org/doc/html/rfc5735
> [2] https://datatracker.ietf.org/doc/html/rfc1122

There is a push by some people to release 127.0.0.0/8 address space,
leaving only 127.0.0.0/16 as reserved for localhost.

https://www.spinics.net/lists/netdev/msg598545.html
https://github.com/schoen/unicast-extensions/blob/master/127.md
https://github.com/schoen/unicast-extensions/

I make no comment on the feasibility of doing this!

However, that aside, aren't you just confusing the mask with routing?

I think the mask on any IP on a loopback interface should be /32 (if you
want to add a "127.0.0.0/8 -local" route, even if done automatically, then
so be it)

Note, the default FreeBSD firewall rules already have:

        ${fwcmd} add 100 pass all from any to any via lo0
        ${fwcmd} add 200 deny all from any to 127.0.0.0/8
        ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

Cheers, Jamie
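
Added example, not part of the original message: a small Python model of first-match evaluation over the three firewall rules quoted above, run on constructed packets, showing that the rules filter 127.0.0.0/8 by interface and address and never consult the mask configured on lo0. The `Rule` tuple, the `evaluate` function, the `em0` interface name and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")

class Rule(NamedTuple):
    number: int
    action: str                 # "pass" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    via: Optional[str]          # interface name, or None for any interface

# The three rules quoted in the message, in rule-number order.
RULES = [
    Rule(100, "pass", ANY, ANY, "lo0"),
    Rule(200, "deny", ANY, LOOPBACK_NET, None),
    Rule(300, "deny", LOOPBACK_NET, ANY, None),
]

def evaluate(iface, src, dst, rules=RULES):
    """Return (rule number, action) of the first matching rule, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in sorted(rules, key=lambda r: r.number):
        if r.via is not None and r.via != iface:
            continue            # rule is bound to a different interface
        if s in r.src and d in r.dst:
            return (r.number, r.action)
    return None                 # falls through to later rules in the ruleset

# Constructed sample packets: (interface, source, destination).
SAMPLES = [
    ("lo0", "127.0.0.1", "127.0.0.1"),      # normal local traffic
    ("lo0", "127.5.6.7", "127.5.6.7"),      # extra loopback alias, any mask
    ("em0", "198.51.100.7", "127.0.0.1"),   # loopback destination on the wire
    ("em0", "127.0.0.1", "192.0.2.10"),     # loopback source on the wire
    ("em0", "198.51.100.7", "192.0.2.10"),  # ordinary traffic
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(*pkt))
```
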