diff options
| -rw-r--r-- | gnu/services/networking.scm | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 99889e3072..0508a4282c 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1813,7 +1813,10 @@ table inet filter { ct state { established, related } accept # allow from loopback - iifname lo accept + iif lo accept + # drop connections to lo not coming from lo + iif != lo ip daddr 127.0.0.1/8 drop + iif != lo ip6 daddr ::1/128 drop # allow icmp ip protocol icmp accept |