X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=src%2Finitscripts%2Fsystem%2Ffirewall;fp=src%2Finitscripts%2Fsystem%2Ffirewall;h=fc355cd5d41deef8fed18f64ae298ed64560ee07;hb=2b44044bcf6d4aebcccc223390cf553c68d62eab;hp=48653ff5793763ae887101f7db11d8f76bedde1f;hpb=ea72759c97e051dc3ca42a4aded55f28a9df7f49;p=people%2Fpmueller%2Fipfire-2.x.git
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 48653ff579..fc355cd5d4 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -200,14 +200,10 @@ iptables_init() {
 iptables -A INPUT -j ICMPINPUT
 iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
 
- # Accept everything on loopback if source/destination is loopback space...
+ # Accept everything on loopback
 iptables -N LOOPBACK
- iptables -A LOOPBACK -i lo -s 127.0.0.0/8 -j ACCEPT
- iptables -A LOOPBACK -o lo -d 127.0.0.0/8 -j ACCEPT
-
- # ... and drop everything else on the loopback interface, since no other traffic should appear there
- iptables -A LOOPBACK -i lo -j SPOOFED_MARTIAN
- iptables -A LOOPBACK -o lo -j SPOOFED_MARTIAN
+ iptables -A LOOPBACK -i lo -j ACCEPT
+ iptables -A LOOPBACK -o lo -j ACCEPT
 
 # Filter all packets with loopback addresses on non-loopback interfaces (spoofed)
 iptables -A LOOPBACK -s 127.0.0.0/8 -j SPOOFED_MARTIAN
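Review bot: The new comment `# Accept everything on loopback` does not record why the address match was dropped, although the `-i lo` and `-o lo` ACCEPT rules now pass any source or destination seen on that interface. Presumably the aim is to stop locally generated traffic to the host's own non-127.0.0.0/8 addresses, which also travels over `lo`, from being sent to SPOOFED_MARTIAN; if so, say it, e.g. `# Accept everything on loopback: local traffic to the host's own addresses also uses lo, so do not match on 127.0.0.0/8 here`. The two ACCEPT rules must also stay ahead of the following `-s 127.0.0.0/8 -j SPOOFED_MARTIAN` rule, which has no interface match and would otherwise catch genuine loopback traffic, so a one-line comment on that ordering dependency would help the next editor. iptables_init() starts and ends outside the hunk, so where LOOPBACK is hooked into the built-in chains, and which later rules loopback traffic now skips, cannot be checked from here.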