On Sunday 27 January 2002 20:42, Johannes Geiger wrote:
On Fri, Jan 25, 2002 at 02:46:49PM -0600, Paul Elliott wrote:
loopback interface because I have decided the localhost is safe.
I don't have any bright ideas for testing your firewall from the same machine, although VMware uses dummy IP addresses for communication with hosts; perhaps UML does too? The idea would be to run another copy of the kernel, as a virtual machine, which communicates with the host over a private network. But can't you filter out packets based on interface? -i ppp+ matches any PPP interface, for example. Then you can gain high confidence by connecting to services that will trigger packets you block: for instance, ident lookups when you connect to IRC, and when querying an NTP or DNS server you will receive UDP response packets that can be logged and blocked.
Do not rely on localhost being safe. There has been a long discussion on this topic on bugtraq (around Mar 5, 2001, in case you want to look it up). The bottom line was that there are Operating Systems (including -- if I remember correctly -- Linux) which allow external access to the localhost interface. (This is restricted to machines on the same subnet of course, because 127.0.0.1 is not routed.)
Shouldn't the kernel rp_filter reject '127.0.0.1' spoofed packets coming in on other interfaces? fetchmail will actually fall back to using /usr/lib/sendmail, so you don't need to run the local SMTP server at all, for incoming email.

Rob
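The thread suggests two checks: verify the rules by provoking traffic you expect to be blocked (ident probes after connecting to IRC, UDP replies from NTP or DNS) and watch the log, and confirm that packets with a 127.0.0.1 source arriving on a non-loopback interface are rejected. The script below is an added example, not code from anyone on this list; it classifies iptables LOG output into those categories. It assumes the LOG rules use the prefix "FW-DROP:" and it embeds constructed sample log lines in the format the LOG target emits (both are assumptions, not taken from the thread). It only shows what reached a LOG rule; whether a spoofed-loopback packet is dropped earlier by the kernel's routing checks or only by an explicit rule depends on the system, which is exactly what you would run this against a real log to find out.

```python
"""Classify iptables LOG lines gathered while testing a firewall.

Added example for this thread; not from any poster. Assumes the LOG rules were
installed with --log-prefix "FW-DROP:" (an assumption). Sample lines are
constructed in the format the iptables LOG target writes to the kernel log.
"""
import re
from collections import Counter
from ipaddress import ip_address

LOG_PREFIX = "FW-DROP:"  # assumed --log-prefix of the LOG rules

# Constructed sample kernel log lines (not real captures):
# 1. TCP SYN with a loopback source arriving on ppp0 (spoofed)
# 2. ident (113/tcp) probe from an IRC server
# 3. NTP reply (src port 123) and 4. DNS reply (src port 53) after local queries
# 5. genuine loopback traffic on lo (should not count as spoofed)
SAMPLE_LOG = """\
Jan 27 20:42:01 host kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=127.0.0.1 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=40000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 20:42:05 host kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=203.0.113.9 DST=10.0.0.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=3201 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 27 20:42:09 host kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.2 DST=10.0.0.5 LEN=76 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
Jan 27 20:42:12 host kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.53 DST=10.0.0.5 LEN=100 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=UDP SPT=53 DPT=33021 LEN=80
Jan 27 20:42:15 host kernel: FW-DROP: IN=lo OUT= MAC= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=5555 DPT=25 WINDOW=32767 RES=0x00 SYN URGP=0
"""

_PREFIX_RE = re.compile(re.escape(LOG_PREFIX) + r"\s+(.*)$")


def parse_log_line(line):
    """Return the KEY=VALUE fields of one LOG line, or None if it is not one."""
    m = _PREFIX_RE.search(line)
    if not m:
        return None
    fields = {}
    for token in m.group(1).split():
        if "=" in token:  # bare flags such as DF or SYN carry no '='
            key, _, value = token.partition("=")
            # UDP lines carry LEN= twice (IP and UDP); keep the first, the IP length
            fields.setdefault(key, value)
    return fields


def classify(fields):
    """Map one parsed LOG entry to the category it belongs to in the test plan."""
    iface = fields.get("IN", "")
    try:
        src_is_loopback = ip_address(fields.get("SRC", "")).is_loopback
    except ValueError:
        src_is_loopback = False
    # A 127/8 source is only legitimate on lo; anywhere else it is spoofed
    if src_is_loopback and iface != "lo":
        return "spoofed-loopback"
    proto = fields.get("PROTO")
    if proto == "TCP" and fields.get("DPT") == "113":
        return "ident-probe"
    # Replies to NTP/DNS queries we sent: expected to be blocked if no state tracking
    if proto == "UDP" and fields.get("SPT") in ("53", "123"):
        return "unsolicited-udp-reply"
    return "other"


def summarize(log_text):
    """Count LOG entries per category; lines without the prefix are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is not None:
            counts[classify(fields)] += 1
    return dict(counts)


def spoof_alerts(log_text):
    """List spoofed-loopback entries as short strings for a quick eyeball check."""
    alerts = []
    for line in log_text.splitlines():
        fields = parse_log_line(line)
        if fields is not None and classify(fields) == "spoofed-loopback":
            alerts.append(
                f"{fields['IN']} src={fields['SRC']} dst={fields['DST']} "
                f"proto={fields.get('PROTO')} dpt={fields.get('DPT')}"
            )
    return alerts


if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{category:24s} {count}")
    for alert in spoof_alerts(SAMPLE_LOG):
        print("SPOOFED LOOPBACK SOURCE:", alert)
```

Feed it the real thing with something like `grep 'FW-DROP:' /var/log/messages` and adjust LOG_PREFIX to whatever your rules use. If the spoofed-loopback bucket stays empty while you know such packets were sent, the kernel discarded them before the LOG rule saw them; if it fills up, only your explicit rule stands between them and the services bound to 127.0.0.1.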