Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#5087 - trust lo by default in firewall
Attached to Project:
Arch Linux
Opened by Dale Blount (dale) - Friday, 21 July 2006, 14:45 GMT
Last edited by Thomas Bächler (brain0) - Wednesday, 14 May 2008, 12:50 GMT
Opened by Dale Blount (dale) - Friday, 21 July 2006, 14:45 GMT
Last edited by Thomas Bächler (brain0) - Wednesday, 14 May 2008, 12:50 GMT
|
DetailsI think we should follow suit with other distros and allow all traffic on lo by default. Any processes that use tcp/ip via localhost fail with iptables turned on unless this is added:
-A INPUT -i lo -j ACCEPT |
This task depends upon
Closed by Thomas Bächler (brain0)
Wednesday, 14 May 2008, 12:50 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in iptables 1.4.0 or so, don't remember.
Wednesday, 14 May 2008, 12:50 GMT
Reason for closing: Fixed
Additional comments about closing: Fixed in iptables 1.4.0 or so, don't remember.
Comment by Dale Blount (dale) -
Sunday, 01 July 2007, 01:32 GMT
This bites me again and again. Judd, mind if I make this change to /etc/iptables/simple_firewall.rules?
Comment by Greg (dolby) -
Saturday, 15 December 2007, 15:42 GMT
can anyone look into this? thx
Comment by Thomas Bächler (brain0) -
Monday, 17 December 2007, 08:36 GMT
We don't add any rules by default, so I don't see a reason to change this. Maybe we could add a sane set of default rules in that file, like the ones I posted on the wiki some time ago.
Comment by Dale Blount (dale) -
Monday, 17 December 2007, 13:10 GMT
Thomas, I'm talking about the rules in simple_firewall.rules. I often use this as a base for my configuration and it never fails me to eventually hit a problem where packets on lo are blocked.
Comment by Dan McGee (toofishes) -
Wednesday, 14 May 2008, 03:01 GMT
Ping? Do we provide simple_firewall.rules? If so this really seems like an obvious addition and an easy close.