Date: Mon, 24 Sep 2001 09:43:42 -0700 (PDT) From: Lamont Granquist <lamont@scriptkiddie.org> To: Joe Abley <jabley@automagic.org> Cc: Juha Saarinen <juha@saarinen.org>, 'Andrew Reilly' <areilly@bigpond.net.au>, <freebsd-stable@FreeBSD.ORG> Subject: Re: 127/8 continued Message-ID: <20010924094048.X5906-100000@coredump.scriptkiddie.org> In-Reply-To: <20010924070102.I4205@buffoon.automagic.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 24 Sep 2001, Joe Abley wrote: > On Mon, Sep 24, 2001 at 07:16:00PM +1200, Juha Saarinen wrote: > > :: Those packets are _supposed_ to get back to this host. That's > > :: what loopback is for. > > > > Yes, I think the RFCs make a point of this. > > RFC1122 also says, in the same paragraph, "addresses of this form > MUST NOT appear outside the host." This is what we're talking about. Right now if you take a vanilla FBSD box a 'ping 127.1.1.1' will be routed to the default router. > Installing a null covering route for 127/8 with the blackhole bit > set seems a good way of preventing addresses with a destination > within 127/8 from being sent out on a non-loopback interface, without > resorting to nasty hacks which make address handling on the loopback > interface different to every other interface. It is also consistent > with the robustness principle. > > route add 127.0.0.0 -netmask 255.0.0.0 -iface lo0 -blackhole It seems that 127.0.0.1 works when you do this, as do aliases that you add to the lo0 interface. Works for me. > But, whatever. This is hardly a monumental requirement worth bickering > over. Its worth getting right though. Keep the surprises minimal. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010924094048.X5906-100000>