Configuration verification tool errors on "Status of the IPv4 nftables ruleset on loopback interface"

Solution Verified - Updated -

Issue

  • Configuration verification tool errors on "Status of the IPv4 nftables ruleset on loopback interface"
Status of the IPv4 nftables ruleset on loopback interface - change to appropriate settings as per the document.

This setting specifies the IPv4 nftables rules applied to the loopback interface on the system. Loopback traffic is generated between processes on the machine and is typically critical to the operation of the system. The loopback interface is the only place that loopback network traffic should be seen, all other interfaces should ignore traffic on this network as an anti-spoofing measure. This setting should be configured according to the needs of the business.

Expected contains regular expression list:

ip\s*saddr\s*127\.0\.0\.0/8\s*counter\s*.*drop
iif\s*"lo"\s*.*accept

Actual:
iifname "lo" accept
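
The mismatch above can be reproduced offline. This is an added example, not part of the original article or of the verification tool: it runs the two Expected patterns against the reported Actual line. Unanchored per-line matching, the `unmatched` helper and the `SAMPLE` lines are assumptions constructed for illustration.

```python
import re

# Patterns copied from the "Expected" list on this page.
EXPECTED = [
    r'ip\s*saddr\s*127\.0\.0\.0/8\s*counter\s*.*drop',
    r'iif\s*"lo"\s*.*accept',
]

# "Actual" value reported on this page.
ACTUAL = 'iifname "lo" accept'

# Constructed sample lines (not from the page), written the way
# `nft list ruleset` prints an iif match and a counted drop rule.
SAMPLE = '''\
iif "lo" accept
ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop
'''


def unmatched(ruleset, patterns=EXPECTED):
    """Return the patterns that match no line of the ruleset text.

    Assumption: the tool searches each line without anchoring
    (re.search); its real engine and semantics are not documented here.
    """
    lines = ruleset.splitlines()
    return [p for p in patterns
            if not any(re.search(p, line) for line in lines)]


if __name__ == "__main__":
    for name, text in (("actual", ACTUAL), ("sample", SAMPLE)):
        missing = unmatched(text)
        print(name, "PASS" if not missing else "FAIL")
        for pattern in missing:
            # In `iifname "lo"` the text `name` sits between `iif` and
            # the quoted interface, so `iif\s*"lo"` cannot match; the
            # 127.0.0.0/8 drop rule is absent from the value entirely.
            print("  no match for:", pattern)
```

`iif` and `iifname` are distinct nftables expressions (interface index versus interface name), so the check is sensitive to which one the rule was written with.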

Environment

  • Red Hat Enterprise Linux 9
  • nftables firewall
  • Third-party configuration verification tool
