On Mon, Jan 16, 2017 at 11:04:48PM +0000, Luke Small wrote:
> I'm trying to have pf limit sending TCP packets over lo0 from a specific
> user. I made some rules, but they seem to be ignored; when I check on pfctl
> -vvvs rules, it goes to the default lo0 pass rule: "pass out quick on lo0
> proto { tcp, udp } from self port 6379 to any port 6379 user luke" and
> "block out quick on lo0 proto {tcp,udp} from self to any port 6379".
> Obviously I'm using redis. Redis has authentication, but I think it'd be
> cool to have that extra layer of protection.
> 

Check whether your /etc/pf.conf contains a line like:

        set skip on lo

(it is in the default pf.conf file), and remove it.

pf(4) will not skip the lo group, so lo0 will be filtered.
-- 
Sebastien Marie
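
The check suggested in the reply above, as an added example that is not part of the original thread: a shell sketch that reads pf.conf text and reports whether a "set skip on" option covers loopback, in which case per-user rules on lo0 are never evaluated. The function names are hypothetical and the two sample rulesets are constructed from the rules quoted in the question.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Limitation: macros, anchors and include files are not expanded.

# Print each interface or group named by a "set skip on" option (stdin: pf.conf).
pf_skipped_ifaces() {
    sed -e 's/#.*$//' | awk '
        $1 == "set" && $2 == "skip" && $3 == "on" {
            for (i = 4; i <= NF; i++) {
                f = $i
                gsub(/[{},]/, " ", f)   # accepts "{ lo0, em0 }" and "{lo0,em0}"
                n = split(f, parts, " ")
                for (j = 1; j <= n; j++) print parts[j]
            }
        }'
}

# Succeed when the lo group or a single loopback interface (lo0, lo1, ...) is skipped.
pf_skips_loopback() {
    pf_skipped_ifaces | grep -Eq '^lo[0-9]*$'
}

# Print a one-line verdict. $1 = label, stdin = ruleset text.
report() {
    if pf_skips_loopback; then
        echo "$1: loopback is skipped, rules on lo0 are never evaluated"
    else
        echo "$1: loopback is filtered"
    fi
}

# Constructed sample: the skip line plus the two rules quoted in the question.
SAMPLE_WITH_SKIP='set skip on lo   # skip line mentioned in the reply
pass out quick on lo0 proto { tcp, udp } from self port 6379 to any port 6379 user luke
block out quick on lo0 proto {tcp,udp} from self to any port 6379'

# Constructed sample: the same rules with the skip line removed.
SAMPLE_FIXED='pass out quick on lo0 proto { tcp, udp } from self port 6379 to any port 6379 user luke
block out quick on lo0 proto {tcp,udp} from self to any port 6379'

printf '%s\n' "$SAMPLE_WITH_SKIP" | report "with skip line"
printf '%s\n' "$SAMPLE_FIXED" | report "skip line removed"
```

On a real system the same check is pf_skips_loopback < /etc/pf.conf.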
