How to Enable Loopback Filtering - Securing the Network in Oracle® Solaris 11.2

Securing the Network in Oracle^® Solaris 11.2

Exit Print View

» ...Documentation Home » Oracle Solaris 11.2 Information Library » Securing the Network in Oracle^® ... » Configuring IP Filter » Configuring the IP Filter Service » How to Enable Loopback Filtering

Updated: August 2014

Securing the Network in Oracle^® Solaris 11.2

Document Information

Using This Documentation

Chapter 1 Using Link Protection in Virtualized Environments

Chapter 2 Tuning Your Network

Chapter 3 Web Servers and the Secure Sockets Layer Protocol

Chapter 4 About IP Filter in Oracle Solaris

Chapter 5 Configuring IP Filter

Configuring the IP Filter Service

How to Display IP Filter Service Defaults

How to Create IP Filter Configuration Files

How to Enable and Refresh IP Filter

How to Disable Packet Reassembly

How to Enable Loopback Filtering

How to Disable Packet Filtering

Working With IP Filter Rule Sets

Managing Packet Filtering Rule Sets for IP Filter

Managing NAT Rules for IP Filter

Managing Address Pools for IP Filter

Displaying Statistics and Information for IP Filter

How to View State Tables for IP Filter

How to View State Statistics for IP Filter

How to View IP Filter Tunable Parameters

How to View NAT Statistics for IP Filter

How to View Address Pool Statistics for IP Filter

Working With Log Files for IP Filter

How to Set Up a Log File for IP Filter

How to View IP Filter Log Files

How to Flush the Packet Log Buffer

How to Save Logged Packets to a File

IP Filter Configuration File Examples

Chapter 6 About IP Security Architecture

Chapter 7 Configuring IPsec

Chapter 8 About Internet Key Exchange

Chapter 9 Configuring IKEv2

Chapter 10 Configuring IKEv1

Chapter 11 Troubleshooting IPsec and Its Key Management Services

Chapter 12 IPsec and Key Management Reference

Network Security Glossary

Language:

How to Enable Loopback Filtering

Before You Begin

You must become an administrator who is assigned the IP Filter Management rights profile and the solaris.admin.edit/path-to-IPFilter-policy-file authorization. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

Stop IP Filter if it is running.
```
# svcadm disable network/ipfilter
```
Add the following rule at the beginning of your IP Filter policy file.
```
set intercept_loopback true;
```
Use the pfedit command, as in:
```
# pfedit /etc/ipf/myorg.ipf.conf
```
This line must precede all block and pass rules that are defined in the file. However, you can insert comments before the line, similar to the following example:
```
...
#set defrag off;
# 
# Enable loopback filtering to filter between zones 
# 
set intercept_loopback true; 
# 
# Define policy 
# 
block in all 
block out all 
other rules
```
Enable IP Filter.
```
# svcadm enable network/ipfilter
```
To verify the status of loopback filtering, use the following command:
```
# ipf -T ipf_loopback
ipf_loopback    min 0   max 0x1 current 1
#
```
If the value of current is 0, loopback filtering is disabled. If current is 1, loopback filtering is enabled.

Copyright © 1999, 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices