You can filter loopback traffic only if your system is running at least the Solaris 10 7/07 release. In previous Oracle Solaris 10 releases, loopback filtering is not supported.
Assume a role that includes the IP Filter Management rights profile, or become superuser.
You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
Stop Oracle Solaris IP Filter if it is running.
# svcadm disable network/ipfilter
Edit the /etc/ipf.conf or /etc/ipf6.conf file by adding the following line at the beginning of the file:
set intercept_loopback true;
This line must precede all the IP filter rules that are defined in the file. However, you can insert comments before the line, similar to the following example:
#
# Enable loopback filtering to filter between zones
#
set intercept_loopback true;
#
# Define policy
#
block in all
block out all
<other rules>
...
Start the Oracle Solaris IP filter.
# svcadm enable network/ipfilter
To verify the status of loopback filtering, use the following command:
# ipf -T ipf_loopback
ipf_loopback	min 0	max 0x1	current 1
#
If loopback filtering is disabled, the command would generate the following output:
ipf_loopback	min 0	max 0x1	current 0
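As an added example (not part of Oracle's documentation or the IP Filter software), the following POSIX shell check verifies the placement rule from the configuration step: set intercept_loopback true; must be the first statement in the file, with only comments or blank lines before it. The two sample files and their contents are constructed for the demonstration; the function names are hypothetical.

```shell
#!/bin/sh
# Added check (not Oracle's code): confirm that "set intercept_loopback true;"
# precedes every filter rule in an ipf.conf-style file, as required above.
# Only comments and blank lines may come before it.

# Print the first line of the file that is neither blank nor a "#" comment.
loopback_first_statement() {
    grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' | head -n 1
}

# Return 0 if the intercept setting is the first statement, 1 otherwise.
check_loopback_first() {
    first=$(loopback_first_statement "$1")
    case "$first" in
        "set intercept_loopback true;"*)
            echo "ok: $1 enables loopback filtering before any rule"; return 0 ;;
        "")
            echo "error: $1 has no intercept_loopback setting and no rules"; return 1 ;;
        *)
            echo "error: $1 starts with '$first' instead of the intercept setting"; return 1 ;;
    esac
}

# Constructed sample files (hypothetical content, not taken from a real system).
TMPDIR_IPF=$(mktemp -d)
trap 'rm -rf "$TMPDIR_IPF"' EXIT
GOOD_CONF="$TMPDIR_IPF/good.conf"
BAD_CONF="$TMPDIR_IPF/bad.conf"
cat > "$GOOD_CONF" <<'EOF'
#
# Enable loopback filtering to filter between zones
#
set intercept_loopback true;
#
# Define policy
#
block in all
block out all
EOF
cat > "$BAD_CONF" <<'EOF'
# Misplaced: a rule comes before the setting, so it does not take effect as intended
block in all
set intercept_loopback true;
EOF

check_loopback_first "$GOOD_CONF"
check_loopback_first "$BAD_CONF" || true
```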