Strengthen the rules governing the 127.0.0.0/8 subnet. The previous rules
allowed external hosts to send packets to the 127.0.0.0/8 subnet on the
firewall host. Renumber the lo0 rules to guarantee they appear first.

PR: 6406
Submitted by: Archie Cobbs <archie@whistle.com>
parent c2f3ec0b46
commit 0804188c52
@ -1,6 +1,6 @@
|
||||
############
|
||||
# Setup system for firewall service.
|
||||
# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
|
||||
# $Id: rc.firewall,v 1.18 1998/04/18 10:27:05 brian Exp $
|
||||
|
||||
if [ -f /etc/rc.conf ]; then
|
||||
. /etc/rc.conf
|
||||
@ -76,8 +76,8 @@ fi
|
||||
|
||||
############
|
||||
# Only in rare cases do you want to change these rules
|
||||
$fwcmd add 1000 pass all from any to any via lo0
|
||||
$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
|
||||
$fwcmd add 100 pass all from any to any via lo0
|
||||
$fwcmd add 200 deny all from any to 127.0.0.0/8
|
||||
|
||||
|
||||
# Prototype setups.
|
||||
|
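Review bot: rule 200 (`deny all from any to 127.0.0.0/8`) matches on destination only, so a packet that arrives on an external interface with a source address in 127.0.0.0/8 and a non-loopback destination is not dropped by either of these two rules. The rule 1010 it replaces matched 127.0.0.0/8 on both source and destination, so neither version covers that case. Consider adding a companion rule directly after it, for example `$fwcmd add 300 deny all from 127.0.0.0/8 to any`. It would also help to extend the comment above rule 100 to say that rule 200 relies on rule 100 matching lo0 traffic first, since the ordering is the reason for the renumbering and a later edit that inserts a lower-numbered rule or reorders these would silently break local loopback traffic.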