Yes, probably that's what I saw rather than any more complex rules. Good tip about using tcpdump to learn what if anything the loopback is doing over time.
Since it's so easy for an inexperienced user to inadvertently block lo0 with the default rules, it might be worthwhile to add a sentence or two about this the next time the pf section of the networking FAQ is updated. Thanks.

//Leigh Engelhart

-------------------------------------------------------------------------------------

The only case where I explicitly use lo0 in rules is to exempt it from a previous default block rule, as in

  # block everything (on _all_ interfaces) by default
  block in all
  block out all

  # don't filter the loopback interface
  pass in quick on lo0 all
  pass out quick on lo0 all

Run tcpdump on lo0 for a week to see what kind of traffic occurs on there. I never felt the need to restrict it, and blocking it completely does break things in subtle ways (local dns, mail).

Or did you find an example rule set that actually blocks/allows specific traffic (certain ports, etc.) on the loopback interface?

Daniel
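An added example, not part of either message in this thread: a small Python check that reads pf rules and reports whether loopback traffic ends up passed or blocked, using pf's last-matching-rule-wins evaluation with "quick" ending the search. The function names and the three sample rule sets are constructed for illustration (the second is the rule set quoted above); only unconditional pass/block rules are modelled, and rules carrying address, port or protocol criteria are ignored.

```python
import re

ON = re.compile(r"\bon\s+(\{[^}]*\}|\S+)")
NEUTRAL = {"in", "out", "quick", "all", "log", "drop", "return", "keep", "state"}

def parse(conf):
    """Return (action, direction, quick, ifaces) for each unconditional rule."""
    rules = []
    for line in conf.replace("\\\n", " ").splitlines():
        m = re.match(r"\s*(pass|block)\b(.*)", line.split("#", 1)[0])
        if not m:
            continue
        body = m.group(2)
        on = ON.search(body)
        ifaces = set(re.findall(r"[\w.]+", on.group(1))) if on else None
        words = ON.sub(" ", body).split()
        if any(w not in NEUTRAL for w in words):
            continue  # address/port/proto criteria: outside this sketch
        direction = next((w for w in words if w in ("in", "out")), None)
        rules.append((m.group(1), direction, "quick" in words, ifaces))
    return rules

def verdict(conf, iface="lo0", direction="in"):
    """Simulate pf evaluation for any packet on iface in the given direction."""
    result = "pass"  # pf passes a packet that no rule matches
    for action, rdir, quick, ifaces in parse(conf):
        if rdir not in (None, direction):
            continue
        if ifaces is not None and iface not in ifaces:
            continue
        result = action  # the last matching rule wins ...
        if quick:
            break        # ... unless a matching rule is marked quick
    return result

# Constructed sample rule sets.
BLOCK_ONLY = "block in all\nblock out all\n"
EXEMPTED = BLOCK_ONLY + "pass in quick on lo0 all\npass out quick on lo0 all\n"
WRONG_ORDER = "pass in on lo0 all\npass out on lo0 all\n" + BLOCK_ONLY

if __name__ == "__main__":
    for name, conf in [("block only", BLOCK_ONLY), ("exempted", EXEMPTED),
                       ("pass before block, no quick", WRONG_ORDER)]:
        print(name, "->", verdict(conf, "lo0", "in"), verdict(conf, "lo0", "out"))
```

The third rule set shows the less obvious way to block lo0 by accident: a pass rule without "quick" placed ahead of the default block is overridden by the later block rule.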
