summary refs log tree commit diff
path: root/gnu/services
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/services')
-rw-r--r--gnu/services/networking.scm5
1 files changed, 4 insertions, 1 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 99889e3072..0508a4282c 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1813,7 +1813,10 @@ table inet filter {
     ct state { established, related } accept
 
     # allow from loopback
-    iifname lo accept
+    iif lo accept
+    # drop connections to lo not coming from lo
+    iif != lo ip daddr 127.0.0.1/8 drop
+    iif != lo ip6 daddr ::1/128 drop
 
     # allow icmp
     ip protocol icmp accept
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-12-12 16:27:45 +0000