Date: Thu, 11 Nov 2004 18:42:42 +1100
From: Peter Jeremy <PeterJeremy@optushome.com.au>
To: Michael Butler <imbutler@comcast.net>
Cc: FreeBSD Stable <freebsd-stable@freebsd.org>
Subject: Re: 5.3-RELEASE kde 3.3 and pf
Message-ID: <20041111074242.GP79646@cirb503493.alcatel.com.au>
In-Reply-To: <2894.192.168.1.10.1100096559.squirrel@192.168.1.10>
References: <20041110134853.GB87953@sr.se> <20041110140614.GO85877@weirdos.oban.frmug.org> <2894.192.168.1.10.1100096559.squirrel@192.168.1.10>

On Wed, 2004-Nov-10 09:22:39 -0500, Michael Butler wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>> Maybe you should allow everything on lo0, in and out.
>
>127/8 should always be allowed on the loopback interface,
>127/8 should always be dropped from all other interfaces.
>
>I am "uncomfortable" saying that everything should be allowed ..

I agree with the latter but the former is unnecessarily restrictive.
By default, FreeBSD generates a static route to `hostname` via lo0.
The default ipfw rules are:

100 pass all from any to any via lo0
200 deny all from any to 127.0.0.0/8
300 deny ip from 127.0.0.0/8 to any

-- 
Peter Jeremy
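
Added illustration, not part of the original message: a small first-match evaluator over the three ipfw rules quoted above, showing that traffic to the host's own address on lo0 is passed by rule 100 and what a 127/8-only loopback policy would do to it. STRICT_RULES (including rule number 150), the interface name em0 and all sample addresses are constructed assumptions.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
LOOPNET = ipaddress.ip_network("127.0.0.0/8")

# The three default rules quoted in the message: (number, action, src, dst, via)
DEFAULT_RULES = [
    (100, "pass", ANY, ANY, "lo0"),
    (200, "deny", ANY, LOOPNET, None),
    (300, "deny", LOOPNET, ANY, None),
]

# Hypothetical stricter variant (assumption, not from the message):
# only 127/8 is allowed on lo0, everything else on lo0 is dropped.
STRICT_RULES = [
    (100, "pass", LOOPNET, LOOPNET, "lo0"),
    (150, "deny", ANY, ANY, "lo0"),
    (200, "deny", ANY, LOOPNET, None),
    (300, "deny", LOOPNET, ANY, None),
]


def evaluate(rules, src, dst, iface):
    """Return (rule number, action) of the first matching rule.

    Returns (None, "no-match") when no listed rule matches; what happens
    then depends on the rest of the ruleset, which is not modelled here.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for num, action, src_net, dst_net, via in rules:
        if via is not None and via != iface:
            continue  # "via lo0" only matches packets on that interface
        if s in src_net and d in dst_net:
            return num, action
    return None, "no-match"


if __name__ == "__main__":
    HOST = "192.0.2.10"  # constructed address standing in for `hostname`
    packets = [
        ("127.0.0.1", "127.0.0.1", "lo0"),    # ordinary localhost traffic
        (HOST, HOST, "lo0"),                  # host talking to its own address
        ("127.0.0.1", HOST, "em0"),           # spoofed loopback source from outside
        ("198.51.100.7", "127.0.0.1", "em0"), # loopback destination from outside
    ]
    for name, rules in (("default", DEFAULT_RULES), ("strict", STRICT_RULES)):
        for pkt in packets:
            print(name, pkt, "->", evaluate(rules, *pkt))
```

Both rule sets drop 127/8 on the external interface; they differ only on the host-to-own-address packet on lo0, which the stricter set denies.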