author | alex <alex@FreeBSD.org> | 1998-04-25 00:40:55 +0000 |
---|---|---|
committer | alex <alex@FreeBSD.org> | 1998-04-25 00:40:55 +0000 |
commit | 01c59a917d0152e1b58c83ddd4596e145ab2c7ff (patch) | |
tree | 5798c09e804340912713040939a7fa6f5870d336 /etc | |
parent | 42fda990adf9663de4ae8a037ac56116fbe27797 (diff) | |
Strengthen the rules governing the 127.0.0.0/8 subnet. The previous rules
allowed external hosts to send packets to the 127.0.0.0/8 subnet on the
firewall host.
Renumber the lo0 rules to guarantee they appear first.
PR: 6406
Submitted by: Archie Cobbs <archie@whistle.com>
Diffstat (limited to 'etc')
-rw-r--r-- | etc/rc.firewall | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/etc/rc.firewall b/etc/rc.firewall index 204f50c..f72b32b 100644 --- a/etc/rc.firewall +++ b/etc/rc.firewall @@ -1,6 +1,6 @@ ############ # Setup system for firewall service. -# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $ +# $Id: rc.firewall,v 1.18 1998/04/18 10:27:05 brian Exp $ if [ -f /etc/rc.conf ]; then . /etc/rc.conf @@ -76,8 +76,8 @@ fi ############ # Only in rare cases do you want to change these rules -$fwcmd add 1000 pass all from any to any via lo0 -$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8 +$fwcmd add 100 pass all from any to any via lo0 +$fwcmd add 200 deny all from any to 127.0.0.0/8 # Prototype setups. |
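Review bot: In the second hunk, rule 200 (`deny all from any to 127.0.0.0/8`) matches on the destination only, so a packet arriving on a non-lo0 interface with a source address in 127.0.0.0/8 and a non-loopback destination falls through both rules to whatever follows. Consider a companion rule right after it, for example `$fwcmd add 300 deny all from 127.0.0.0/8 to any`, so spoofed loopback sources are dropped as well. The fix also depends on rule 100 being evaluated before rule 200 (otherwise legitimate lo0 traffic is denied), and the only comment above the rules is "Only in rare cases do you want to change these rules"; a one-line comment stating that ordering requirement would help anyone who later renumbers or inserts rules here.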