Security issue combining loopback and private networks
-
Hi there.
I'd just like to note a potential malicious loopback attack on an untrusted LAN, such as a school, public internet or other not completely trusted network. Combining the block loopback and private networks on the interface page into a single option means it needs to be disabled for LAN, allowing loopback communication.
I suggest separating these into two options to deal with this, as I believe it is sensible to have loopback blocked from any LAN. At the moment I deal with the issue with custom rules.
Regards,
Jeverz -
This option should generally be turned on, unless this network interface resides in such a private address space, too. -
@bob-dig My LAN is in private address space. My WAN is in private address space with a different subnet.
-
@jeverz9 On your LAN you don't have to allow access to the firewall, but that is up to you. On your WAN you don't want access from private IP Space and Loopback and that is what this checkbox is good for.
-
Ok, I get it now. Sorry.
