System Administration Guide: IP Services

How to Enable Loopback Filtering

Note – You can filter loopback traffic only if your system is running at least the Solaris 10 7/07 release. In previous Oracle Solaris 10 releases, loopback filtering is not supported.

  1. Assume a role that includes the IP Filter Management rights profile, or become superuser.

    You can assign the IP Filter Management rights profile to a role that you create. To create the role and assign the role to a user, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.

  2. Stop Oracle Solaris IP Filter if it is running.

    # svcadm disable network/ipfilter

  3. Edit the /etc/ipf.conf or /etc/ipf6.conf file by adding the following line at the beginning of the file:

    set intercept_loopback true;

    This line must precede all the IP filter rules that are defined in the file. However, you can insert comments before the line, similar to the following example:

    # Enable loopback filtering to filter between zones 
    set intercept_loopback true; 
    # Define policy 
    block in all 
    block out all 
    <other rules>

  4. Start Oracle Solaris IP Filter.

    # svcadm enable network/ipfilter

  5. To verify the status of loopback filtering, use the following command:

    # ipf -T ipf_loopback
    ipf_loopback    min 0   max 0x1 current 1

    If loopback filtering is disabled, the command would generate the following output:

    ipf_loopback    min 0   max 0x1 current 0
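
The following script is an added example, not part of the original guide. It checks the two things this procedure depends on: that `set intercept_loopback true;` is the first line of the configuration file other than comments and blank lines, and what the `current` value in the `ipf -T ipf_loopback` output reports. The function names `check_loopback_conf` and `loopback_state` are hypothetical, and requiring the directive to be the first effective line is a conservative reading of "at the beginning of the file".

```shell
#!/bin/sh
# Added example (not from the guide): lint an ipf.conf-style file and
# interpret `ipf -T ipf_loopback` output. Function names are hypothetical.

# check_loopback_conf FILE
# Returns 0 only if the first line that is neither blank nor a comment is
# "set intercept_loopback true;". Returns 1 if a rule or any other line
# comes first, or if the file has no effective lines at all.
check_loopback_conf() {
    awk '
        /^[ \t]*#/ { next }                  # comment lines may precede it
        /^[ \t]*$/ { next }                  # so may blank lines
        {
            line = $0
            sub(/#.*$/, "", line)            # drop a trailing comment
            gsub(/[ \t]+/, " ", line)        # collapse runs of whitespace
            sub(/^ /, "", line)
            sub(/ $/, "", line)
            sub(/ ;$/, ";", line)            # tolerate a space before ";"
            seen = 1
            ok = (line == "set intercept_loopback true;")
            exit                             # only the first such line matters
        }
        END { if (seen && ok) exit 0; exit 1 }
    ' "$1"
}

# loopback_state
# Reads `ipf -T ipf_loopback` output on stdin and prints one of:
# enabled, disabled, unknown (no ipf_loopback line with a "current" field).
loopback_state() {
    awk '
        $1 == "ipf_loopback" {
            for (i = 2; i < NF; i++)
                if ($i == "current")
                    state = ($(i + 1) == "1") ? "enabled" : "disabled"
        }
        END { if (state == "") state = "unknown"; print state }
    '
}

# Direct use: sh thisfile /etc/ipf.conf
if [ $# -ge 1 ]; then
    if check_loopback_conf "$1"; then
        echo "$1: intercept_loopback directive precedes all rules"
    else
        echo "$1: directive missing, not true, or not first"
    fi
fi
```

On the system itself, the live state can be read with `ipf -T ipf_loopback | loopback_state` after step 4.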