Date: Mon, 15 May 2000 13:29:19 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: krentel@dreamscape.com (Mark W. Krentel) Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: rc.firewall rule 200 Message-ID: <200005152029.NAA35843@bubba.whistle.com> In-Reply-To: <200005150252.WAA07148@dreamscape.com> from "Mark W. Krentel" at "May 14, 2000 10:52:36 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
Mark W. Krentel writes:
> The rc.firewall script adds these rules:
>
> ${fwcmd} add 100 pass all from any to any via lo0
> ${fwcmd} add 200 deny all from any to 127.0.0.0/8
The point of these two rules is to disallow someone on another
(locally networked) machine from doing this:
ifconfig lo0 down delete
route add 127.0.0.0 <your-machine-ip-address>
telnet 127.0.0.1
and circumventing your firewall.
-Archie
___________________________________________________________________________
Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200005152029.NAA35843>