What could be iptables rules to allow all loopback communication (regardless of the actual interface, address and port)?

I am using vuurmuur to set up iptables. It does not allow creating a rule where source and destination are both 'firewall' (meaning this particular host). How do I make all connections featuring the firewall host calling itself (which means IP-based client-server software communication, like a database server and an application server) trusted and allowed?


Solution 1:

The INPUT and OUTPUT tables concern the local machine itself receiving and sending packets respectively, no matter which interface or address is involved. You probably want a rule that accepts everything received from interface lo in INPUT, and accepts everything sent on interface lo in OUTPUT. In plain iptables:

iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

If you are using addresses other than localhost (or 127.0.0.1), then you may need specific rules. But if so, perhaps you can explain the reason why you are using such addresses, because your problem domain may very well end up matching your network domain. (Or at least make you consider other options.)
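One practical caveat with the two rules above is ordering: "iptables -A" appends, so if the chain already holds a DROP or REJECT that matches loopback packets (for example a REJECT on the database port, exactly the database-plus-application-server case from the question), that earlier rule wins and the loopback ACCEPT never fires. The script below is an added example, not part of the answer or of vuurmuur: it applies the loopback rules with "-I ... 1" so they sit at the top of the chain (my choice; the answer uses -A), and it provides a check, lo_accept_ok, that reads "iptables -S CHAIN" output and confirms the loopback ACCEPT precedes any terminating DROP/REJECT rule. The rule listings are constructed samples, and the function names are mine. The check is deliberately conservative: any DROP or REJECT ahead of the loopback ACCEPT counts as shadowing, even if it is pinned to another interface.

```shell
#!/bin/sh
# Added example (not from the original answer): apply loopback ACCEPT rules and
# verify that nothing earlier in the chain shadows them.

# Insert the loopback rules at position 1 of INPUT and OUTPUT so that existing
# DROP/REJECT rules cannot shadow them (needs root; not run by the checks below).
apply_loopback_rules() {
    iptables -I INPUT 1 -i lo -j ACCEPT
    iptables -I OUTPUT 1 -o lo -j ACCEPT
}

# lo_accept_ok CHAIN FLAG RULES
#   CHAIN: INPUT or OUTPUT; FLAG: -i (for INPUT) or -o (for OUTPUT);
#   RULES: text as printed by "iptables -S CHAIN".
#   Returns 0 when "-A CHAIN FLAG lo -j ACCEPT" appears before any rule in
#   that chain whose target is DROP or REJECT, 1 otherwise (missing or shadowed).
#   Policy lines (-P) are ignored: the chain policy only applies after all rules.
lo_accept_ok() {
    printf '%s\n' "$3" | {
        while IFS= read -r line; do
            case "$line" in
                "-A $1 $2 lo -j ACCEPT"*) exit 0 ;;                      # reached first: fine
                "-A $1 "*"-j DROP"*|"-A $1 "*"-j REJECT"*) exit 1 ;;     # terminating rule ahead
            esac
        done
        exit 1   # end of chain without finding the loopback ACCEPT
    }
}

# Constructed sample: loopback ACCEPT sits above the catch-all REJECT.
RULES_OK="-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable"

# Constructed sample: a REJECT on the database port was added before the
# loopback ACCEPT, so an application connecting to 127.0.0.1:5432 is refused.
RULES_SHADOWED="-P INPUT ACCEPT
-A INPUT -p tcp --dport 5432 -j REJECT --reject-with tcp-reset
-A INPUT -i lo -j ACCEPT"

# Constructed sample: the loopback rule was never added at all.
RULES_MISSING="-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"

# Constructed sample for the OUTPUT chain (note -o instead of -i).
RULES_OUT_OK="-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate NEW,RELATED,ESTABLISHED -j ACCEPT"

# Run the check against the samples. On a live host, use the real listing:
#   lo_accept_ok INPUT -i "$(iptables -S INPUT)" && echo "INPUT ok"
#   lo_accept_ok OUTPUT -o "$(iptables -S OUTPUT)" && echo "OUTPUT ok"
report() {
    if lo_accept_ok "$1" "$2" "$3"; then
        echo "$4: loopback traffic accepted in $1"
    else
        echo "$4: loopback ACCEPT is missing or shadowed in $1"
    fi
}
report INPUT  -i "$RULES_OK"       "sample 1"
report INPUT  -i "$RULES_SHADOWED" "sample 2"
report INPUT  -i "$RULES_MISSING"  "sample 3"
report OUTPUT -o "$RULES_OUT_OK"   "sample 4"
```

Sample 2 is the failure mode worth remembering: the chain does contain the loopback ACCEPT, but it is listed after a more specific REJECT, so the host still cannot reach its own database over 127.0.0.1. Fixing it means moving the loopback rule up (as apply_loopback_rules does with -I), not adding more ACCEPT rules below.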