On Tue, Aug 27, 2002 at 12:36:33PM -0400, Leigh Engelhart wrote:
> In the pf scripts submitted here for review or help, I've noticed a few
> times rules that involved the loopback interface (i.e. lo0). In the pf FAQ
> and How-To I've read, this isn't mentioned. What sorts of setup or uses
> would call for such rules?
The only case where I explicitly use lo0 in rules is to exempt it from a
previous default block rule, as in

  # block everything (on _all_ interfaces) by default
  block in all
  block out all

  # don't filter the loopback interface
  pass in quick on lo0 all
  pass out quick on lo0 all

Run tcpdump on lo0 for a week to see what kind of traffic occurs on there.
I never felt the need to restrict it, and blocking it completely does break
things in subtle ways (local dns, mail).

Or did you find an example rule set that actually blocks/allows specific
traffic (certain ports, etc.) on the loopback interface?

Daniel
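The rule set above relies on two pf evaluation rules: the last matching rule decides a packet's fate, and a matching rule marked `quick` ends evaluation on the spot. The following is an added example, not code from the thread or from pf itself: a small Python model of that evaluation, run over constructed packets on lo0 and on a made-up external interface `fxp0`, to show why the lo0 exemption holds with the mail's ordering and what happens if the generic block rules are placed after plain (non-quick) pass rules instead.

```python
"""Toy model of pf rule evaluation (added example, not pf's own code).

pf walks the rule set top to bottom. The *last* matching rule decides,
unless a matching rule carries `quick`, which stops evaluation at once.
Only direction and interface are modelled here; the real pf matches on
many more fields, and this model assumes pf's "pass if nothing matches"
default for unmatched packets.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    action: str             # "block" or "pass"
    direction: str          # "in" or "out"
    iface: Optional[str]    # interface name, or None for "all" interfaces
    quick: bool = False     # `quick` keyword: stop evaluating on match

    def matches(self, direction: str, iface: str) -> bool:
        return self.direction == direction and (self.iface is None or self.iface == iface)


def evaluate(rules: List[Rule], direction: str, iface: str) -> str:
    """Return "pass" or "block" for a packet seen on `iface` going `direction`."""
    verdict = "pass"                      # pf default when no rule matches
    for rule in rules:
        if rule.matches(direction, iface):
            verdict = rule.action         # last match wins ...
            if rule.quick:                # ... unless the match is quick
                break
    return verdict


# The rule set from the mail, in the same order:
#   block in all / block out all, then pass in/out quick on lo0 all
RULESET_FROM_MAIL = [
    Rule("block", "in", None),
    Rule("block", "out", None),
    Rule("pass", "in", "lo0", quick=True),
    Rule("pass", "out", "lo0", quick=True),
]

# Same intent, wrong order and no `quick`: the generic block rules come
# last, so they are the last match for lo0 traffic too, and lo0 is blocked.
RULESET_WRONG_ORDER = [
    Rule("pass", "in", "lo0"),
    Rule("pass", "out", "lo0"),
    Rule("block", "in", None),
    Rule("block", "out", None),
]


def summarize(rules: List[Rule]) -> Dict[Tuple[str, str], str]:
    """Verdict for every (direction, interface) pair in a constructed sample.

    `fxp0` is a made-up external interface name used only for illustration.
    """
    return {
        (direction, iface): evaluate(rules, direction, iface)
        for direction in ("in", "out")
        for iface in ("lo0", "fxp0")
    }


if __name__ == "__main__":
    for name, rules in (("mail", RULESET_FROM_MAIL), ("wrong order", RULESET_WRONG_ORDER)):
        print(name)
        for key, verdict in summarize(rules).items():
            print("  %-4s on %-5s -> %s" % (key[0], key[1], verdict))
```

With the mail's ordering, lo0 traffic passes in both directions (the `quick` pass rules are also the last match, so either property alone would suffice) while traffic on `fxp0` is blocked; with the pass rules first and no `quick`, the trailing block rules become the last match for lo0 and the loopback is cut off, which is the "breaks things in subtle ways" outcome the reply warns about.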
