Go to main content

Securing the Network in Oracle® Solaris 11.3

Exit Print View

Updated: March 2018

How to Enable Loopback Filtering

Before You Begin

You must become an administrator who is assigned the IP Filter Management rights profile and the solaris.admin.edit/path-to-IPFilter-policy-file authorization. The root role has all of these rights. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. Stop IP Filter if it is running.
    # svcadm disable network/ipfilter
  2. Add the following rule at the beginning of your IP Filter policy file.
    set intercept_loopback true;

    Use the pfedit command, as in:

    # pfedit /etc/ipf/myorg.ipf.conf

    This line must precede all block and pass rules that are defined in the file. However, you can insert comments before the line, similar to the following example:

    #set defrag off;
    # Enable loopback filtering to filter between zones 
    set intercept_loopback true; 
    # Define policy 
    block in all 
    block out all 
    other rules
  3. Enable IP Filter.
    # svcadm enable network/ipfilter
  4. To verify the status of loopback filtering, use the following command:
    # ipf -T ipf_loopback
    ipf_loopback    min 0   max 0x1 current 1

    If the value of current is 0, loopback filtering is disabled. If current is 1, loopback filtering is enabled.