firewall without loopback interface

Hi All,

A few years back my college lecturer suggested that the most secure way to setup a (linux) firewall is to not have any loopback (lo) interface and hence it cannot run any local services but only forward traffic back and forth, etc. Obviously you would then have to manage the host from the console.

Any comments ?


Ridiculous nonsense.

Yours, VB.

Volker Birk

Someone has a severe concept/nomenclature problem. The presence or absence of a loopback interface has nothing to do with the services that are being offered. The loopback is how the computer talks to _itself_ and if the loopback is vulnerable, it's because someone already 0wnZ the computer.

What is probably being talked about is not offering any services, OR limiting access to such services to specific internal hosts. Another concept is that there is no access FROM the firewall to any other system inside OR out - that is, the firewall is not considered a trusted system.

Gee, my home firewall is an old laptop that doesn't have a case, keyboard or display and offers no network services. Wonder why that works.

[link] and search for "Practical Unix & Internet Firewalls" by Zwicky,

Old guy

Moe Trin
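Moe Trin's point above is that exposure is decided by what is listening and on which address, not by whether the host has a loopback interface. The following is an added example (not code from the thread) showing how a defender checks that: it parses the format of Linux's /proc/net/tcp, decodes the kernel's hex-encoded addresses, and classifies each LISTEN socket as loopback-only, wildcard (0.0.0.0) or bound to a specific interface address. The sample table is constructed, and the address decoding assumes a little-endian host (x86), which is how the kernel prints the 32-bit value there.

```python
import socket
import struct
from ipaddress import IPv4Address

# Constructed sample in the layout of /proc/net/tcp: header line, then one
# socket per line. Addresses are hex IPv4 (host byte order) and hex port;
# state 0A is LISTEN, 01 is ESTABLISHED; the uid column is the socket owner.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12346 1 0000000000000000 100 0 0 10 0
   2: 0101A8C0:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12347 1 0000000000000000 100 0 0 10 0
   3: 0101A8C0:0016 6401A8C0:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 12348 1 0000000000000000 100 0 0 10 0
"""

LISTEN = "0A"


def decode_addr(hex_addr: str) -> tuple[str, int]:
    """Turn '0100007F:0016' into ('127.0.0.1', 22).

    The kernel prints the IPv4 address as a 32-bit integer in host byte
    order, so on a little-endian machine the bytes read backwards (assumption:
    x86-style little-endian host).
    """
    ip_hex, port_hex = hex_addr.split(":")
    packed = struct.pack("<I", int(ip_hex, 16))
    return socket.inet_ntoa(packed), int(port_hex, 16)


def classify(ip: str) -> str:
    """Say from where a socket bound to this address can be reached."""
    addr = IPv4Address(ip)
    if addr.is_unspecified:
        return "wildcard"        # 0.0.0.0: answers on every interface
    if addr.is_loopback:
        return "loopback-only"   # 127.0.0.0/8: only the host itself can connect
    return "specific"            # one interface address, reachable via that NIC


def listening_sockets(proc_net_tcp: str) -> list[dict]:
    """Return every LISTEN socket with its decoded address, scope and owner uid."""
    results = []
    for line in proc_net_tcp.splitlines()[1:]:   # skip the header
        fields = line.split()
        if len(fields) < 8 or fields[3] != LISTEN:
            continue
        ip, port = decode_addr(fields[1])
        results.append({"ip": ip, "port": port,
                        "scope": classify(ip), "uid": int(fields[7])})
    return results


def exposed_ports(proc_net_tcp: str) -> list[int]:
    """Ports reachable from other hosts: everything that is not loopback-only."""
    return sorted(s["port"] for s in listening_sockets(proc_net_tcp)
                  if s["scope"] != "loopback-only")


if __name__ == "__main__":
    for s in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{s['ip']}:{s['port']:<6} {s['scope']:<14} uid={s['uid']}")
    print("reachable from the network:", exposed_ports(SAMPLE_PROC_NET_TCP))
```

On the sample, port 22 on 127.0.0.1 is the only listener that removing the loopback interface would affect, and it was never reachable from the network anyway; the wildcard listener on 80 and the NIC-bound listener on 8080 are what a firewall host actually exposes. Reading the real file (`open("/proc/net/tcp").read()`, plus /proc/net/tcp6 for IPv6) gives the same classification for a live host.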

Linux does not bind to the loopback interface like Windows misguidedly does. Linux/Unix programs bind to the address found by gethostbyname(gethostname()).

In this manner, any program that can create a port on the NIC is instantly usable both publicly and internally.

Internal services are accessed by FIFOs, SHMAT {i.e. shared segments} or the AF_UNIX domain kind of sockets {not AF-TCP-ip public sockets}.

Hint: read the book(s) for yourself and/or verify what you read/hear -- including this! :-)

Jeff B


You cannot say this. It depends.

Not every Linux process uses UNIX domain sockets or named pipes for IPC without networking.

Yours, VB.

Volker Birk

Yes, it all depends upon which standards one is applying or misapplying :-)

These conversations are like talking with your mother -- she always gets the last word. You win -- it's just not productive.

Jeff B