Securing the Network in Oracle® Solaris 11.2

Exit Print View

Updated: August 2014

How to Enable Loopback Filtering

Before You Begin

You must become an administrator who is assigned the IP Filter Management rights profile and the solaris.admin.edit/path-to-IPFilter-policy-file authorization. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2 .

  1. Stop IP Filter if it is running.
    # svcadm disable network/ipfilter
  2. Add the following rule at the beginning of your IP Filter policy file.
    set intercept_loopback true;

    Use the pfedit command, as in:

    # pfedit /etc/ipf/myorg.ipf.conf

    This line must precede all block and pass rules that are defined in the file. However, you can insert comments before the line, similar to the following example:

    #set defrag off;
    # Enable loopback filtering to filter between zones 
    set intercept_loopback true; 
    # Define policy 
    block in all 
    block out all 
    other rules
  3. Enable IP Filter.
    # svcadm enable network/ipfilter
  4. To verify the status of loopback filtering, use the following command:
    # ipf -T ipf_loopback
    ipf_loopback    min 0   max 0x1 current 1

    If the value of current is 0, loopback filtering is disabled. If current is 1, loopback filtering is enabled.