On Sun 2009-08-16 at 19:17 +1200, Amos Jeffries wrote:
> Aha. Just connect() then? not really bind() or listen()?
Correct. Bind to 0.0.0.0 is "any address".
> I'm thinking that aliasing has already been done before Squid gets such
> packets at the 'other end'. So that we only see the real localhost IP if
> it's intercepted. Right?
0.0.0.0 is not valid for use on the wire. I would expect stacks to
discard such packets.
> Problem might be DNS on forward proxy traffic, but that's validated out
> of existence to a NXDOMAIN.
?
> Leaving only hosts file entries. I know 0.0.0.0 is used to boganize
> domain names at times. Because it doesn't resolve!
> For the intended use of the ACL as you highlight, yes I agree it's a
> good change. It may not be good for the reality situation though.
Well, it's the same thing so doesn't matter really.
> What about a bogons ACL for less confusion?
dst 0.0.0.0 is not more bogon than dst 127.0.0.1.
Regards
Henrik
Received on Sun Aug 16 2009 - 15:56:25 MDT