What could be iptables rules to allow all loopback communication (regardless to actual interface, address and port)?

linux firewall iptables

I am using vuurmuur to set up iptables. It does not allow to create a rule where source and destination are both 'firewall' (meaning this particular host). How do I make all connections featuring the firewall host calling itself (which means ip-based client-server software communication, like a database server and an application server) trusted and allowed?


Solution 1:

The INPUT and OUTPUT table concern the local machine itself receiving and sending packets respectively, no matter which interface or address is involved. You probably want a rule that accepts everything received from interface lo in INPUT, and accepts everything sent on interface lo in OUTPUT. In plain iptables:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

If you are using addresses other than localhost (or 127.0.0.1), then you may need specific rules. But if so, perhaps you can explain the reason why you are using such addresses, because your problem domain may very well end up matching your network domain. (Or at least make you consider other options.)

Related

Alternatives to SSH for tunnelling connections
How can I have a user specific hosts file
How strict is line of sight?
squid and https URLs
Apache load balancer logging question
If logs are being truncated, why use Full recovery?
DisplayPort monitor turns off when 2 monitors are used
Google Docs Document Private Comment
How to empty the contents of continuosly streaming file in linux
How do I create block diagrams in Microsoft Office without using Visio?
How to check which font the system uses?
Windows bug? Freeze while copying files. Parallel another copy may unfreeze