From 20335a31ad92d0dc3d0aede47faa748609bcb1ef Mon Sep 17 00:00:00 2001
From: "David E. O'Brien" <obrien@FreeBSD.org>
Date: Mon, 5 Mar 2001 20:51:40 +0000
Subject: [PATCH] Also deny 127.0.0.0/8 going out.

Submitted by:	grimes
---
 etc/rc.firewall | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/etc/rc.firewall b/etc/rc.firewall
index 1755985f8888..3001f5856c3a 100644
--- a/etc/rc.firewall
+++ b/etc/rc.firewall
@@ -128,8 +128,9 @@ esac
 #
 ${fwcmd} add 100 pass all from any to any via lo0
 ${fwcmd} add 200 deny all from any to 127.0.0.0/8
+${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
 # If you're using 'options BRIDGE', uncomment the following line to pass ARP
-#${fwcmd} add 300 pass udp from 0.0.0.0 2054 to 0.0.0.0
+#${fwcmd} add 400 pass udp from 0.0.0.0 2054 to 0.0.0.0
 
 
 # Prototype setups.