From b75e58541a31781124218ea3a09ccfa25ec2e15d Mon Sep 17 00:00:00 2001
From: Christian Hagenest
Date: Tue, 6 Dec 2022 19:12:59 +0100
Subject: [PATCH 1/4] ansible remed for set_loopback_traffic

---
 .../set_loopback_traffic/ansible/shared.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
 create mode 100644 linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml

diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml
new file mode 100644
index 00000000000..89adbb3c616
--- /dev/null
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml
@@ -0,0 +1,19 @@
+# platform = multi_platform_sle
+
+- name: Allow incoming traffic on the loopback interface
+ ansible.builtin.iptables:
+ chain: INPUT
+ in_interface: lo
+ jump: ACCEPT
+
+- name: Allow outgoing traffic on the loopback interface
+ ansible.builtin.iptables:
+ chain: OUTPUT
+ out_interface: lo
+ jump: ACCEPT
+
+- name: Drop incoming traffic from the localhost
+ ansible.builtin.iptables:
+ chain: INPUT
+ source: "127.0.0.0/8"
+ jump: DROP
\ No newline at end of file

From f6a6fb3f409eae8e0c3bbefeeddcb00cb37014cf Mon Sep 17 00:00:00 2001
From: Christian Hagenest
Date: Tue, 6 Dec 2022 19:13:14 +0100
Subject: [PATCH 2/4] bash remed for set_loopback_traffic

---
 .../set_loopback_traffic/bash/shared.sh | 23 +++----------------
 1 file changed, 3 insertions(+), 20 deletions(-)

diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
index c0bc3083c8e..20568dfb519 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
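Review bot: The three tasks only program the IPv4 table, so the IPv6 loopback case that the bash variant of this rule previously covered (a drop for `ip6 saddr ::1`, applied when IPv6 is not disabled) has no counterpart in this new file — a packet spoofing `::1` on a non-loopback interface is not rejected on an IPv6-enabled host. `ansible.builtin.iptables` accepts `ip_version: ipv6`, so the same two-task pattern can cover it, gated on IPv6 not being disabled on the target. Note also that the module, like `iptables` itself, changes only the running ruleset; unless another task in the profile saves it, the rules do not survive a reboot, which deserves a comment such as `# Rules are applied to the running ruleset only; persistence is handled elsewhere`. Because the module appends by default, the `127.0.0.0/8` DROP must stay after the `lo` ACCEPT, which the current task order guarantees on a first run.
```yaml
# … unchanged: the three IPv4 tasks …

- name: Allow incoming IPv6 traffic on the loopback interface
  ansible.builtin.iptables:
    ip_version: ipv6
    chain: INPUT
    in_interface: lo
    jump: ACCEPT

- name: Drop incoming IPv6 traffic from the localhost
  ansible.builtin.iptables:
    ip_version: ipv6
    chain: INPUT
    source: "::1"
    jump: DROP
```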
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
@@ -1,22 +1,5 @@
 # platform = multi_platform_sle
 
-# Implement the loopback rules:
-nft add rule inet filter input iif lo accept
-nft create rule inet filter input ip saddr 127.0.0.0/8 counter drop
-
-# Check IPv6 is disabled, if false implement IPv6 loopback rules
-[ -n "$passing" ] && passing=""
-[ -z "$(grep "^\s*linux" /boot/grub2/grub.cfg | grep -v ipv6.disabled=1)" ] && passing="true"
-
-grep -Eq "^\s*net\.ipv6\.conf\.all\.disable_ipv6\s*=\s*1\b(\s+#.*)?$" \
-/etc/sysctl.conf /etc/sysctl.d/*.conf && \
-grep -Eq "^\s*net\.ipv6\.conf\.default\.disable_ipv6\s*=\s*1\b(\s+#.*)?$" \
-/etc/sysctl.conf /etc/sysctl.d/*.conf && sysctl net.ipv6.conf.all.disable_ipv6 | \
-grep -Eq "^\s*net\.ipv6\.conf\.all\.disable_ipv6\s*=\s*1\b(\s+#.*)?$" && \
-sysctl net.ipv6.conf.default.disable_ipv6 | \
-grep -Eq "^\s*net\.ipv6\.conf\.default\.disable_ipv6\s*=\s*1\b(\s+#.*)?$" && passing="true"
-
-# Is IPv6 Disabled? (true/fasle)
-if [ "$passing" = false ] ; then
- nft add rule inet filter input ip6 saddr ::1 counter drop
-fi
+iptables -A INPUT -i lo -j ACCEPT
+iptables -A OUTPUT -o lo -j ACCEPT
+iptables -A INPUT -s 127.0.0.0/8 -j DROP
\ No newline at end of file

From 2e8307b37a199e97ffbd420ec12b2a22eaabc746 Mon Sep 17 00:00:00 2001
From: Christian Hagenest
Date: Wed, 7 Dec 2022 14:10:43 +0100
Subject: [PATCH 3/4] add newline to ansible remed for loopback_traffic

---
 .../iptables_activation/set_loopback_traffic/ansible/shared.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml
index 89adbb3c616..c0253ba93d1 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml
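Review bot: `iptables -A` appends unconditionally, so every re-run of this remediation adds another copy of each of the three rules, and they land after whatever is already in INPUT/OUTPUT, where a pre-existing terminating rule would shadow them. Guard each append with a `-C` check, e.g. `iptables -C INPUT -i lo -j ACCEPT 2>/dev/null || iptables -A INPUT -i lo -j ACCEPT` (and the same for the OUTPUT line and the `127.0.0.0/8` DROP line), which also matches the idempotent behaviour of the Ansible variant of this rule. The IPv6 side — an `ip6tables -A INPUT -s ::1 -j DROP` when IPv6 is enabled, which the removed nft code attempted to handle — has no counterpart in the new lines. As with any `iptables` call, this changes the running ruleset only; rule persistence is not addressed here and should at least be noted in a comment.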
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/ansible/shared.yml
@@ -16,4 +16,4 @@
 ansible.builtin.iptables:
 chain: INPUT
 source: "127.0.0.0/8"
- jump: DROP
\ No newline at end of file
+ jump: DROP

From 5e98367eda96dd4791e65d4fcf16c0a6a566913e Mon Sep 17 00:00:00 2001
From: Christian Hagenest
Date: Wed, 7 Dec 2022 15:38:10 +0100
Subject: [PATCH 4/4] really add newline to bash set_loopback_traffic

---
 .../iptables_activation/set_loopback_traffic/bash/shared.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
index 20568dfb519..1cf0625e02f 100644
--- a/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
+++ b/linux_os/guide/system/network/network-iptables/iptables_activation/set_loopback_traffic/bash/shared.sh
@@ -2,4 +2,4 @@
 
 iptables -A INPUT -i lo -j ACCEPT
 iptables -A OUTPUT -o lo -j ACCEPT
-iptables -A INPUT -s 127.0.0.0/8 -j DROP
\ No newline at end of file
+iptables -A INPUT -s 127.0.0.0/8 -j DROP