From owner-freebsd-ipfw Mon May 15 13:29:34 2000
Delivered-To: freebsd-ipfw@freebsd.org
Received: from bubba.whistle.com (bubba.whistle.com [207.76.205.7])
	by hub.freebsd.org (Postfix) with ESMTP id 7D3F437B578
	for ; Mon, 15 May 2000 13:29:32 -0700 (PDT)
	(envelope-from archie@whistle.com)
Received: (from archie@localhost)
	by bubba.whistle.com (8.9.3/8.9.2) id NAA35843;
	Mon, 15 May 2000 13:29:19 -0700 (PDT)
From: Archie Cobbs
Message-Id: <200005152029.NAA35843@bubba.whistle.com>
Subject: Re: rc.firewall rule 200
In-Reply-To: <200005150252.WAA07148@dreamscape.com> from "Mark W. Krentel" at "May 14, 2000 10:52:36 pm"
To: krentel@dreamscape.com (Mark W. Krentel)
Date: Mon, 15 May 2000 13:29:19 -0700 (PDT)
Cc: freebsd-ipfw@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL54 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-ipfw@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Mark W. Krentel writes:
> The rc.firewall script adds these rules:
>
>     ${fwcmd} add 100 pass all from any to any via lo0
>     ${fwcmd} add 200 deny all from any to 127.0.0.0/8

The point of these two rules is to disallow someone on another
(locally networked) machine from doing this:

    ifconfig lo0 down delete
    route add 127.0.0.0
    telnet 127.0.0.1

and circumventing your firewall.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
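The rule ordering discussed in this message, as an added example that is not part of the original post: a simplified first-match model of rules 100 and 200, showing which rule decides the fate of a packet addressed to 127.0.0.0/8 depending on the interface it arrives on. The interface name `ed0`, the sample addresses, the catch-all rule 65000 and the helper `evaluate` are assumptions made for illustration.

```python
import ipaddress

# Simplified model of ipfw first-match evaluation. Assumption: only the two
# match fields used by rules 100 and 200 (interface, destination) are modelled.
RULES = [
    (100, "pass", {"via": "lo0"}),            # pass all from any to any via lo0
    (200, "deny", {"dst": "127.0.0.0/8"}),    # deny all from any to 127.0.0.0/8
    (65000, "pass", {}),                      # constructed stand-in for later, permissive site rules
]

def evaluate(packet, rules=RULES):
    """Return (rule_number, action) of the first rule that matches the packet."""
    dst = ipaddress.ip_address(packet["dst"])
    for number, action, match in sorted(rules, key=lambda r: r[0]):
        if "via" in match and packet["iface"] != match["via"]:
            continue
        if "dst" in match and dst not in ipaddress.ip_network(match["dst"]):
            continue
        return number, action
    return 65535, "deny"  # ipfw's final default rule (deny unless built to accept)

# Constructed sample packets.
LOCAL = {"iface": "lo0", "src": "127.0.0.1", "dst": "127.0.0.1"}
FROM_LAN = {"iface": "ed0", "src": "192.0.2.10", "dst": "127.0.0.1"}
ORDINARY = {"iface": "ed0", "src": "192.0.2.10", "dst": "192.0.2.1"}

def without_rule_200():
    """Same ruleset with rule 200 removed, to show what it protects against."""
    return [r for r in RULES if r[0] != 200]

if __name__ == "__main__":
    for name, pkt in (("local", LOCAL), ("from LAN", FROM_LAN), ("ordinary", ORDINARY)):
        print(name, evaluate(pkt))
    print("from LAN, rule 200 missing:", evaluate(FROM_LAN, without_rule_200()))
```

Genuine loopback traffic is matched by rule 100 before rule 200 is reached, so rule 200 only ever applies to loopback-addressed packets seen on some other interface.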