firewall: Revert strict martian check on loopback interface

[people/pmueller/ipfire-2.x.git] / src / initscripts / system / firewall

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 48653ff5793763ae887101f7db11d8f76bedde1f..fc355cd5d41deef8fed18f64ae298ed64560ee07 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -200,14 +200,10 @@ iptables_init() {
        iptables -A INPUT -j ICMPINPUT
        iptables -A ICMPINPUT -p icmp --icmp-type 8 -j ACCEPT
 
-       # Accept everything on loopback if source/destination is loopback space...
+       # Accept everything on loopback
        iptables -N LOOPBACK
-       iptables -A LOOPBACK -i lo -s 127.0.0.0/8 -j ACCEPT
-       iptables -A LOOPBACK -o lo -d 127.0.0.0/8 -j ACCEPT
-
-       # ... and drop everything else on the loopback interface, since no other traffic should appear there
-       iptables -A LOOPBACK -i lo -j SPOOFED_MARTIAN
-       iptables -A LOOPBACK -o lo -j SPOOFED_MARTIAN
+       iptables -A LOOPBACK -i lo -j ACCEPT
+       iptables -A LOOPBACK -o lo -j ACCEPT
 
        # Filter all packets with loopback addresses on non-loopback interfaces (spoofed)
        iptables -A LOOPBACK -s 127.0.0.0/8 -j SPOOFED_MARTIAN