From 0dbdc948c7c2bda7e2610a7b48b17f63bec184ea Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Wed, 3 Jun 2015 19:21:52 +0200 Subject: firewall: allow 127.0.0.1/8 on lo. --- roles/common/files/usr/local/sbin/update-firewall.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'roles/common/files/usr/local/sbin') diff --git a/roles/common/files/usr/local/sbin/update-firewall.sh b/roles/common/files/usr/local/sbin/update-firewall.sh index 33b6ef1..f25f507 100755 --- a/roles/common/files/usr/local/sbin/update-firewall.sh +++ b/roles/common/files/usr/local/sbin/update-firewall.sh @@ -256,7 +256,7 @@ run() { iptables -A INPUT -p tcp \! --syn -m state --state NEW -j DROP # Allow all input/output to/from the loopback interface. - local localhost=$(inet46 $f '127.0.0.1/32' '::1/128') + local localhost=$(inet46 $f '127.0.0.1/8' '::1/128') iptables -A INPUT -i lo -s "$localhost" -d "$localhost" -j ACCEPT iptables -A OUTPUT -o lo -s "$localhost" -d "$localhost" -j ACCEPT -- cgit v1.2.3