From 724856f88e1ffb72fefd7587d42aef40e12a9c69 Mon Sep 17 00:00:00 2001
From: obrien <obrien@FreeBSD.org>
Date: Mon, 5 Mar 2001 20:51:40 +0000
Subject: Also deny 127.0.0.0/8 going out.

Submitted by:	grimes
---
 etc/rc.firewall | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/rc.firewall b/etc/rc.firewall
index 1755985..3001f58 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -128,8 +128,9 @@ esac
 #
 ${fwcmd} add 100 pass all from any to any via lo0
 ${fwcmd} add 200 deny all from any to 127.0.0.0/8
+${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
 # If you're using 'options BRIDGE', uncomment the following line to pass ARP
-#${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0
+#${fwcmd} add 400 pass udp from 0.0.0.0 2054 to 0.0.0.0
 
 
 # Prototype setups.
-- 
cgit v1.1