On Wed, 2004-Nov-10 09:22:39 -0500, Michael Butler wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >> Maybe you should allow everything on lo0, in and out. > >127/8 should always be allowed on the loopback interface, >127/8 should always be dropped from all other interfaces. > >I am "uncomfortable" saying that everything should be allowed ..
I agree with the latter but the former is unnecessarily restrictive. By default, FreeBSD generates a static route to `hostname` via lo0. The default ipfw rules are: 100 pass all from any to any via lo0 200 deny all from any to 127.0.0.0/8 300 deny ip from 127.0.0.0/8 to any -- Peter Jeremy _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
