Re: netmask for loopback interfaces

Oleksandr Kryvulia <shuriku@shurik.kiev.ua> wrote:

> 04.11.21 01:01, Mike Karels пишет:
> > I have a pending change to stop using class A/B/C netmasks when setting
> > an interface address without an explicit mask, and instead to use a default
> > mask (24 bits).  A question has arisen as to what the default mask should
> > be for loopback interfaces.  The standard 127.0.0.1 is added with an 8 bit
> > mask currently, but additions without a mask would default to 24 bits.
> > There is no warning for missing masks for loopback in the current code.
> > I'm not convinced that the mask has any meaning here; only a host route
> > to the assigned address is created.  Does anyone know of any meaning or
> > use of the mask on a loopback address?
> >
> > Thanks,
> > 		Mike
> >
>
> /8 mask on loopback prevetnts using of 127.x.x.x network anywhere 
> outside of the localhost. This described in RFC 5735 [1] and 1122 [2]
>
> [1] https://datatracker.ietf.org/doc/html/rfc5735
> [2] https://datatracker.ietf.org/doc/html/rfc1122

There is a push by some people to release 127.0.0.0/8 address space,
leaving only 127.0.0.0/16 as reserved for localhost.

https://www.spinics.net/lists/netdev/msg598545.html

https://github.com/schoen/unicast-extensions/blob/master/127.md

https://github.com/schoen/unicast-extensions/

I make no comment on the feasability of doing this!

However, that aside, aren't you just confusing the mask with routing?

I think the mask on any IP on a loopback interface should be /32
(if you want to add a "127.0.0.0/8 -local" route even if done
automatically", then so be it)

Note, the default FreeBSD firewall rules already have:

    ${fwcmd} add 100 pass all from any to any via lo0
    ${fwcmd} add 200 deny all from any to 127.0.0.0/8
    ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any

Cheers, Jamie