What could be iptables rules to allow all loopback communication (regardless of the actual interface, address and port)?
I am using vuurmuur to set up iptables. It does not allow creating a rule where source and destination are both 'firewall' (meaning this particular host). How do I make all connections in which the firewall host calls itself (which means IP-based client-server software communication, like a database server and an application server) trusted and allowed?
Solution 1:
The INPUT and OUTPUT chains concern the local machine itself receiving and sending packets respectively, no matter which interface or address is involved. You probably want a rule that accepts everything received from interface lo in INPUT, and accepts everything sent on interface lo in OUTPUT. In plain iptables:
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
If you are using addresses other than localhost (or 127.0.0.1), then you may need specific rules. But if so, perhaps you can explain the reason why you are using such addresses, because your problem domain may very well end up matching your network domain. (Or at least make you consider other options.)
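As an added example (not part of the answer above, and not vuurmuur's own output), the following POSIX shell script builds the two loopback rules from the answer as an iptables-restore fragment and goes one step further than the answer: it also drops packets that carry a 127.0.0.0/8 address but arrive on an interface other than lo, which is the usual defensive companion to an unconditional lo ACCEPT. The second function checks an existing ruleset dump (for example the output of iptables-save, or a constructed sample as used here) for the loopback ACCEPT rules so the script can be run idempotently. The function names and the sample dump are the editor's own.

```shell
#!/bin/sh
# Added example: emit the loopback rules from the answer as an
# iptables-restore fragment for the filter table, plus a martian filter.
# Function names and sample data are assumptions made for this example.

loopback_rules() {
  cat <<'EOF'
*filter
# Accept everything the host sends to itself over the loopback interface,
# whatever address or port is involved (the rules from the answer).
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Defensive extra: 127.0.0.0/8 is only legitimate on lo. A packet with such
# a source or destination arriving on any other interface is spoofed.
-A INPUT ! -i lo -s 127.0.0.0/8 -j DROP
-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
COMMIT
EOF
}

# Return 0 when a ruleset dump (iptables-save format, passed as $1) already
# contains both loopback ACCEPT rules, 1 otherwise. Used to avoid adding
# duplicate rules when the script is run more than once.
has_loopback_accept() {
  dump="$1"
  printf '%s\n' "$dump" | grep -q -- '^-A INPUT -i lo -j ACCEPT$' || return 1
  printf '%s\n' "$dump" | grep -q -- '^-A OUTPUT -o lo -j ACCEPT$' || return 1
  return 0
}

# Apply only when missing; -n (--noflush) keeps the existing tables intact.
# Requires root; guarded so the script can also be sourced for inspection.
apply_if_missing() {
  current="$(iptables-save 2>/dev/null)" || return 1
  if has_loopback_accept "$current"; then
    echo "loopback rules already present"
    return 0
  fi
  loopback_rules | iptables-restore -n
}

# Constructed sample dump without loopback rules, for demonstration.
SAMPLE_DUMP='*filter
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

if [ "${1:-}" = "apply" ]; then
  apply_if_missing
else
  loopback_rules
  if has_loopback_accept "$SAMPLE_DUMP"; then
    echo "sample already has loopback rules"
  else
    echo "sample lacks loopback rules"
  fi
fi
```

Run it with no arguments to print the fragment and the check result, or as root with `apply` to load the rules without flushing what vuurmuur already installed. The martian DROP rules sit in INPUT after the lo ACCEPT, so genuine loopback traffic is never affected by them.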