Strengthen the rules governing the 127.0.0.0/8 subnet. The previous rules

allowed external hosts to send packets to the 127.0.0.0/8 subnet on the
firewall host.

Renumber the lo0 rules to guarantee they appear first.

PR:		6406
Submitted by:	Archie Cobbs <archie@whistle.com>

etc/rc.firewall

@@ -1,6 +1,6 @@
 ############
 # Setup system for firewall service.
-# $Id: rc.firewall,v 1.17 1998/04/15 16:41:14 phk Exp $
+# $Id: rc.firewall,v 1.18 1998/04/18 10:27:05 brian Exp $
 
 if [ -f /etc/rc.conf ]; then
 	. /etc/rc.conf
@@ -76,8 +76,8 @@ fi
 
 ############
 # Only in rare cases do you want to change these rules
-$fwcmd add 1000 pass all from any to any via lo0
-$fwcmd add 1010 deny all from 127.0.0.0/8 to 127.0.0.0/8
+$fwcmd add 100 pass all from any to any via lo0
+$fwcmd add 200 deny all from any to 127.0.0.0/8
 
 
 # Prototype setups.