It doesn't. The "pass in quick on lo0 proto {tcp,udp} from any port 6379 to
self port 6379 user luke" works.

On Mon, Jan 16, 2017, 23:48 Sebastien Marie <[email protected]> wrote:

> On Mon, Jan 16, 2017 at 11:04:48PM +0000, Luke Small wrote:
> > I'm trying to have pf limit sending TCP packets over lo0 from a specific
> > user. I made some rules, but they seem to be ignored when I check on pfctl
> > -vvvs rules it goes to the default lo0 pass rule: "pass out quick on lo0
> > proto { tcp, udp } from self port 6379 to any port 6379 user luke" and
> > "block out quick on lo0 proto {tcp,udp} from self to any port 6379"
> > obviously I'm using redis. Redis has authentication, but I think it'd be
> > cool to have that extra layer of protection.
> >
>
> check your /etc/pf.conf if it contains a line like:
>
>   set skip on lo
>
> (it is in default pf.conf file), and remove it.
>
> pf(4) will not skip lo group, so lo0 will be filtered.
> --
> Sebastien Marie
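
A check for the condition Sebastien describes, as an added example that is not part of the thread: it reports which `set skip on` line covers an interface and which filter rules bound to that interface pf therefore never evaluates. The function names and the sample ruleset are constructed for illustration; the script assumes literal interface names (no macros) and the default driver-name group (lo0 belongs to lo).

```sh
#!/bin/sh
# Added example. Simplification: only literal names in "set skip on" are
# understood (no macros), and the group is taken to be the driver name
# (lo0 -> lo), which is the default interface group.

# skip_lines FILE IFACE: print "set skip" lines covering IFACE; status 0 if any.
skip_lines() {
    grp=$(printf '%s' "$2" | sed 's/[0-9]*$//')
    awk -v ifc="$2" -v grp="$grp" '
        { sub(/#.*/, "") }                       # ignore comments
        $1 == "set" && $2 == "skip" && $3 == "on" {
            line = $0
            gsub(/[{},]/, " ")                   # flatten "{ lo, em0 }"
            n = split($0, w, " ")
            for (i = 4; i <= n; i++)
                if (w[i] == ifc || w[i] == grp) { print NR ": " line; hit = 1; break }
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# dead_rules FILE IFACE: if IFACE is skipped, print the filter rules bound to
# it, since pf passes traffic on a skipped interface without evaluating them.
dead_rules() {
    skip_lines "$1" "$2" >/dev/null || return 0
    awk -v ifc="$2" '
        { sub(/#.*/, "") }
        $1 ~ /^(pass|block|match)$/ {
            for (i = 2; i < NF; i++)
                if ($i == "on" && $(i + 1) == ifc) { print NR ": " $0; break }
        }
    ' "$1"
}

# Constructed sample: the default skip line plus the two rules from the thread.
sample_conf() {
    cat <<'EOF'
set skip on lo
pass out quick on lo0 proto { tcp, udp } from self port 6379 to any port 6379 user luke
block out quick on lo0 proto { tcp, udp } from self to any port 6379
pass            # constructed catch-all
EOF
}

# Demo: list the lo0 rules that the sample ruleset silently ignores.
tmp=$(mktemp); sample_conf >"$tmp"
dead_rules "$tmp" lo0
rm -f "$tmp"
```

On a real system, `dead_rules /etc/pf.conf lo0` printing any lines means those rules only take effect once the `set skip` line is removed and the ruleset is reloaded.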

