System Administration Guide: IP Services

Procedure: How to Enable Loopback Filtering


Note –

You can filter loopback traffic only if your system is running at least the Solaris Express, Developer Edition 1/08 release. Earlier Solaris 10 releases do not support loopback filtering.


  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Stop Solaris IP Filter if it is running.


    # svcadm disable network/ipfilter
    
  3. Edit the /etc/ipf.conf or /etc/ipf6.conf file by adding the following line at the beginning of the file:


    set intercept_loopback true;

    This line must precede every IP filter rule that is defined in the file; only comments may appear before it, as in the following example:


    # 
    # Enable loopback filtering to filter between zones 
    # 
    set intercept_loopback true; 
    # 
    # Define policy 
    # 
    block in all 
    block out all 
    <other rules>
    ...
  4. Start the Solaris IP filter.


    # svcadm enable network/ipfilter
    
  5. To verify the status of loopback filtering, use the following command:


    # ipf -T ipf_loopback
    ipf_loopback    min 0   max 0x1 current 1
    #

    If loopback filtering is disabled, the same command reports current 0:


    ipf_loopback    min 0   max 0x1 current 0
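The procedure above as a shell script, added here as an example; it is not part of the guide or of Solaris IP Filter. The function names are this example's own, the sample configuration it writes is the guide's deny-all skeleton used as constructed input, and the `apply_loopback_filtering` function, which runs the svcadm and ipf steps, is only meaningful as root or an IP Filter Management role on a Solaris host (it uses `svcadm enable -s` so that the service is online before the tunable is queried; the guide uses plain `svcadm enable`). The offline checks, verifying that `set intercept_loopback true;` precedes every rule and interpreting the `ipf -T ipf_loopback` output, run anywhere.

```shell
#!/bin/sh
# Added example, not from the Solaris guide: helpers for the loopback-filtering
# procedure. Function names are this example's own.

# write_loopback_conf FILE
# Writes the sample policy from step 3 (comments, then the set line, then the
# rules) to FILE. The rules are the guide's deny-all skeleton, used here as
# constructed sample input.
write_loopback_conf() {
    cat > "$1" <<'EOF'
#
# Enable loopback filtering to filter between zones
#
set intercept_loopback true;
#
# Define policy
#
block in all
block out all
EOF
}

# ipf_loopback_conf_ok FILE
# Succeeds (exit 0) only if the first line of FILE that is neither blank nor a
# comment is exactly "set intercept_loopback true;", the placement step 3
# requires. Trailing "# ..." comments are stripped first; a rule that appears
# before the set line makes the check fail.
ipf_loopback_conf_ok() {
    first=$(sed 's/#.*//' "$1" | grep -v '^[[:space:]]*$' | head -n 1 |
            sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    [ "$first" = "set intercept_loopback true;" ]
}

# ipf_loopback_state LINE
# Parses the tunable line printed by "ipf -T ipf_loopback", for example
# "ipf_loopback    min 0   max 0x1 current 1", and prints "enabled" (current 1)
# or "disabled" (current 0). Anything else prints "unknown" and fails.
ipf_loopback_state() {
    cur=$(printf '%s\n' "$1" |
          awk '$1 == "ipf_loopback" { for (i = 1; i < NF; i++) if ($i == "current") print $(i + 1) }')
    case "$cur" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown; return 1 ;;
    esac
}

# apply_loopback_filtering FILE
# Steps 2, 4 and 5 of the procedure on a Solaris host, after checking FILE
# with ipf_loopback_conf_ok. Needs root or the IP Filter Management rights
# profile and is not run by the offline demonstration at the bottom.
# "svcadm enable -s" waits until the service is online before ipf -T is
# queried (assumption of this example; the guide uses plain "svcadm enable").
apply_loopback_filtering() {
    command -v svcadm >/dev/null 2>&1 || {
        echo "svcadm not found: this is not a Solaris SMF host" >&2; return 2; }
    ipf_loopback_conf_ok "$1" || {
        echo "$1: 'set intercept_loopback true;' must precede every rule" >&2; return 1; }
    svcadm disable network/ipfilter || return 1
    svcadm enable -s network/ipfilter || return 1
    ipf_loopback_state "$(ipf -T ipf_loopback)"
}

# Offline demonstration: build the sample configuration, check its layout,
# and interpret the two tunable lines shown in step 5.
demo_conf=$(mktemp)
write_loopback_conf "$demo_conf"
if ipf_loopback_conf_ok "$demo_conf"; then
    echo "$demo_conf: set intercept_loopback precedes all rules"
else
    echo "$demo_conf: set intercept_loopback is misplaced"
fi
rm -f "$demo_conf"
ipf_loopback_state 'ipf_loopback    min 0   max 0x1 current 1'   # enabled
ipf_loopback_state 'ipf_loopback    min 0   max 0x1 current 0'   # disabled
```

On a Solaris host the whole procedure is `apply_loopback_filtering /etc/ipf.conf` (or the ipf6.conf file for IPv6 rules); the configuration check runs before the service is restarted, so a misplaced `set` line is caught without leaving IP Filter disabled.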