> Or did you find an example rule set that actually blocks/allows specific
> traffic (certain ports, etc.) on the loopback interface?

$ netstat -a | grep 600

If you find TCP:6000 opened you should filter it on *every* interface, lo0
included. (Obviously this is valid if you don't need X access from remote
systems.)

Note that without that filter a local user could spy on (and sniff the
keyboard of) root.

Ed
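
The check described above, as an added example that is not part of the original post: a stricter version of the `grep 600` test that reports only listening X11 sockets and the address each is bound to. It assumes numeric `netstat -an` output and treats TCP 6000-6063 (displays :0 to :63) as the X11 range; the function names and sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: list listening X11 TCP sockets from `netstat -an` text on stdin.
# Assumption: X11 displays :0 to :63 map to TCP 6000-6063.
x11_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        # Local address is field 4; the port follows the last "." (BSD)
        # or ":" (Linux).
        if (!match($4, /[.:][0-9]+$/)) next
        port = substr($4, RSTART + 1) + 0
        addr = substr($4, 1, RSTART - 1)
        if (port < 6000 || port > 6063) next
        if (addr == "*" || addr == "0.0.0.0" || addr == "::")
            scope = "all-interfaces"
        else if (addr == "127.0.0.1" || addr == "::1")
            scope = "loopback-only"
        else
            scope = "single-address"
        printf "%s %s %d %s\n", $1, addr, port, scope
    }'
}

# Constructed sample input (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q  Local Address      Foreign Address    (state)
tcp4       0      0  *.6000             *.*                LISTEN
tcp4       0      0  127.0.0.1.6010     *.*                LISTEN
tcp4       0      0  *.60001            *.*                LISTEN
tcp4       0      0  *.22               *.*                LISTEN
tcp4       0      0  10.0.0.5.22        10.0.0.9.6000      ESTABLISHED
tcp        0      0  0.0.0.0:6001       0.0.0.0:*          LISTEN
EOF
}

# On a live system: netstat -an | x11_listeners
sample_netstat | x11_listeners
```

A `loopback-only` result is still reachable by every local user, which is the case the lo0 filter in the post covers.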
