FS#5087 - trust lo by default in firewall

Attached to Project: Arch Linux
Opened by Dale Blount (dale) - Friday, 21 July 2006, 14:45 GMT
Last edited by Thomas Bächler (brain0) - Wednesday, 14 May 2008, 12:50 GMT
Task Type Feature Request
Category Packages: Core
Status Closed
Assigned To Aaron Griffin (phrakture)
Thomas Bächler (brain0)
Architecture All
Severity Low
Priority Normal
Reported Version 0.7.2 Gimmick
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

I think we should follow suit with other distros and allow all traffic on lo by default. Any processes that use TCP/IP via localhost fail with iptables turned on unless this is added:

-A INPUT -i lo -j ACCEPT

Closed by Thomas Bächler (brain0)
Wednesday, 14 May 2008, 12:50 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in iptables 1.4.0 or so, don't remember.
Comment by Dale Blount (dale) - Sunday, 01 July 2007, 01:32 GMT
This bites me again and again. Judd, mind if I make this change to /etc/iptables/simple_firewall.rules?
Comment by Greg (dolby) - Saturday, 15 December 2007, 15:42 GMT
Can anyone look into this? Thx
Comment by Thomas Bächler (brain0) - Monday, 17 December 2007, 08:36 GMT
We don't add any rules by default, so I don't see a reason to change this. Maybe we could add a sane set of default rules in that file, like the ones I posted on the wiki some time ago.
Comment by Dale Blount (dale) - Monday, 17 December 2007, 13:10 GMT
Thomas, I'm talking about the rules in simple_firewall.rules. I often use this as a base for my configuration and it never fails me to eventually hit a problem where packets on lo are blocked.
Comment by Dan McGee (toofishes) - Wednesday, 14 May 2008, 03:01 GMT
Ping? Do we provide simple_firewall.rules? If so this really seems like an obvious addition and an easy close.
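
An added example, not part of the ticket and not Arch's simple_firewall.rules: a shell check that reads a ruleset in iptables-restore format and reports whether the filter INPUT chain accepts all loopback traffic, which is the condition this request asks for. The function name `lo_status`, its three status words and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Report whether an iptables-restore ruleset (read on stdin) trusts loopback.
# Only rules placed directly in the filter INPUT chain are examined; jumps
# into user-defined chains are not followed.
lo_status() {
    awk '
    /^\*/             { table = substr($0, 2) }   # "*filter" opens a table
    table != "filter" { next }
    /^:INPUT /        { policy = $2 }             # e.g. ":INPUT DROP [0:0]"
    /^-A INPUT / && !decided {
        # First unconditional verdict in the chain decides the outcome.
        if ($0 ~ /^-A INPUT -i lo -j ACCEPT *$/)         { result = "trusted";  decided = 1 }
        else if ($0 ~ /^-A INPUT -j (DROP|REJECT)( |$)/) { result = "filtered"; decided = 1 }
    }
    END {
        # No lo rule and no catch-all: the chain policy applies to loopback.
        if (!decided) result = (policy == "ACCEPT") ? "policy-accept" : "filtered"
        print result
    }'
}

# Constructed sample ruleset with a DROP policy and no loopback rule.
ruleset_without_lo() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Same ruleset with the rule from this request inserted as the first INPUT rule.
ruleset_with_lo() {
    ruleset_without_lo |
        awk '/^-A INPUT/ && !done { print "-A INPUT -i lo -j ACCEPT"; done = 1 } { print }'
}

printf 'without lo rule: %s\n' "$(ruleset_without_lo | lo_status)"
printf 'with lo rule:    %s\n' "$(ruleset_with_lo | lo_status)"
```

A result of `filtered` means loopback packets are subject to the remaining rules or a DROP policy, so a local service reached over 127.0.0.1 on a port that is not explicitly opened will fail.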
