Strengthen the rules governing the 127.0.0.0/8 subnet. The previous rules

allowed external hosts to send packets to the 127.0.0.0/8 subnet on the firewall host. Renumber the lo0 rules to guarantee they appear first. PR: 6406 Submitted by: Archie Cobbs <archie@whistle.com>
svn path=/head/; revision=35444
1998-04-25 00:40:55 +00:00 · 1998-04-25 00:40:55 +00:00 · 0804188c52 · 2020-12-20 02:59:44 +00:00
commit 0804188c52
parent c2f3ec0b46
1 changed files with 3 additions and 3 deletions
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@ -1,6 +1,6 @@
 ############
 # Setup system for firewall service.
-# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
+# $Id: rc.firewall,v 1.18 1998/04/18 10:27:05 brian Exp $

 if [ -f /etc/rc.conf ]; then
 	. /etc/rc.conf
@ -76,8 +76,8 @@ fi

 ############
 # Only in rare cases do you want to change these rules
-$fwcmd add 1000 pass all from any to any via lo0
-$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
+$fwcmd add 100 pass all from any to any via lo0
+$fwcmd add 200 deny all from any to 127.0.0.0/8


 # Prototype setups.