5.3-RELEASE kde 3.3 and pf

Peter Jeremy PeterJeremy at optushome.com.au
Wed Nov 10 23:42:52 PST 2004


On Wed, 2004-Nov-10 09:22:39 -0500, Michael Butler wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>> Maybe you should allow everything on lo0, in and out.
>
>127/8 should always be allowed on the loopback interface,
>127/8 should always be dropped from all other interfaces.
>
>I am "uncomfortable" saying that everything should be allowed ..

I agree with the latter but the former is unnecessarily restrictive.
By default, FreeBSD generates a static route to `hostname` via lo0.

The default ipfw rules are:
 100 pass all from any to any via lo0
 200 deny all from any to 127.0.0.0/8
 300 deny ip from 127.0.0.0/8 to any

-- 
Peter Jeremy
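
A pf.conf rendering of the three ipfw rules quoted above, as an added example that is not from either poster or from the FreeBSD base system. It assumes the loopback interface is lo0 and that these lines come before the rest of the filter rules.

```conf
# Added example: pf equivalent of the default ipfw loopback rules.
# Assumption: the loopback interface is lo0.
#
# pf uses last-match semantics, while ipfw stops at the first matching
# rule. "quick" makes pf stop at the matching rule, so the three lines
# below behave like ipfw rules 100/200/300.

# ipfw 100: pass all from any to any via lo0
# Everything on lo0 is passed, not only 127/8: FreeBSD routes traffic
# addressed to the host's own addresses via lo0, so packets seen on lo0
# can carry non-127/8 source and destination addresses.
pass quick on lo0 all

# ipfw 200: deny all from any to 127.0.0.0/8
# Loopback destinations are dropped on every interface except lo0.
block drop quick on ! lo0 inet from any to 127.0.0.0/8

# ipfw 300: deny ip from 127.0.0.0/8 to any
# Loopback sources are dropped on every interface except lo0.
block drop quick on ! lo0 inet from 127.0.0.0/8 to any
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.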


More information about the freebsd-stable mailing list