iptables: what does "--src-type LOCAL" mean exactly?

Question

The iptables man page defines it as "a local address" but does this refer only to the 127 range (localhost) or does it include 10, 169, 192 as well ?

check https://www.halolinux.us/firewalls/addrtype-filter-table-match-extension.html — acgbox, Jul 24 '21 at 18:34

Lethargos · Answer 1 · 2019-01-26T15:41:16.893

12

I believe the answer that addr-type LOCAL means loopback is wrong, because it is only a partial answer and is extremely misleading. LOCAL means ANY IP assigned on one of the interfaces of the host, including the loopback. If you say that LOCAL is simply 127.0.0.0/8 (as sasanet has stated), then you'd limit it to the loopback interface, which is plain wrong.

Moreover, the IP can even be routable and public. For the host it's irrelevant, because from its perspective that IP is going to refer to the host itself. If you curl or ping to the public ip assigned on one if its interfaces, it will obviously not going to send the packet out, it will route it locally. example:

ip address show dev eth0:

 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP group default qlen 1000
    link/ether 0a:e7:8b:89:d5:f4 brd ff:ff:ff:ff:ff:ff
    inet 172.31.20.254/20 brd 172.31.31.255 scope global dynamic eth0
       valid_lft 3110sec preferred_lft 3110sec

ip route show table local:

local 172.31.20.254 dev eth0 proto kernel scope host src 172.31.20.254

(as already stated, it is obviously irrelevant if the ip is private or public, as long as it is assigned to the network interface)

edited Jan 26 '19 at 15:41

answered Jan 26 '19 at 15:35

Lethargos

396
1
4
16

Yes, but "local" even in this sense is going to be routed through the local table, as far as I can tell, right? If you delete the rule mentioned in my answer in the local table, then you woun't be able to use that ip to refer to that host itself. I also tried it with 127.0.0.1 (and 127.0.0.0/8) and it's the same thing. So I'm guessing the local table is actually related. The problem (I'd say) with the manual in the ip route is that, while it's technically correct, it's also slightly misleading, as you might think only of the loopback. But correct me if I'm wrong. – Lethargos Jan 27 '19 at 12:19
I was just trying to split hairs (and already gave a +1), I'll remove my comment heh. – A.B Jan 27 '19 at 12:22
Don't need to do that, really. Thanks for the +1 anyway (although I'm not particularly interested in that). This is something I realised not long ago, so the reason why I replied to your comment, was to confirm that what I said was actually correct. Thanks :) – Lethargos Jan 27 '19 at 12:26
1

By LOCAL any IP of any interface is meant that goes through this host. You can check it for yourself with: `iptables -A INPUT -p tcp -m addrtype --src-type LOCAL -j LOG --log-prefix "Source IP is LOCAL "`, alternatively you may try `-A FORWARD` – 3ronco Aug 23 '20 at 09:37

score 3 · Accepted Answer · answered Oct 21 '10 at 19:53

3

Pretty good explanation here: http://security.maruhn.com/iptables-tutorial/x6330.html

Another discussion about it: http://www.linuxquestions.org/questions/linux-networking-3/wtf-addrtype-in-iptables-manpage-746659/

answered Oct 21 '10 at 19:53

2

So the answer is: "addresses on the host itself ... in the 127.x.x.x range". – Steven Monday Oct 21 '10 at 20:02
@StevenMonday No the answer is what Lethargos wrote. – atevm Mar 02 '19 at 12:51

invsblduck · Answer 3 · 2019-08-20T16:14:25.837

The terminology "local route" means the packets will be delivered "locally" to your host, because the destination is assigned to one of your host's interfaces. It does not only mean localhost, as in loopback addresses (nor 169.254/16 as in "link-local" addresses).

Linux uses the Netlink protocol to send messages between kernel space and user space—one of the Netlink families therein is NETLINK_ROUTE, which can be used to receive routing updates, modify interface addresses, etc. For example, the ip-route command from iproute2 uses this.

Looking at the addrtype source code of iptables, you'll see references to linux/rtnetlink.h, which defines RTN_LOCAL as a message type. The rtnetlink(7) man page describes RTN_LOCAL as:

rtm_type          Route type
───────────────────────────────────────────────────────────
RTN_LOCAL         a local interface route

None of this feels exactly clear when you read about it, and some of the best references I can find are miscellaneous Internet sources, so it's understandable why there's confusion.

I am also wondering why it was downvoted. I also answered that LOCAL does not only mean loopback, indeed, but your answer was more extensive and detailed. — Lethargos, Aug 20 '19 at 17:43

score -2 · Answer 4 · edited Oct 29 '11 at 16:46

-2

-m addr-type LOCAL is the 127.0.0.0/8-network.

edited Oct 29 '11 at 16:46

Kvisle

4,113
23
25

answered Oct 12 '11 at 00:39

sasanet

21
1

iptables: what does "--src-type LOCAL" mean exactly?

4 Answers4