Local Loopback

Discussion in 'LnS English Forum' started by pantezuma, Mar 31, 2011.

Thread Status:
Not open for further replies.
  1. pantezuma

    pantezuma Registered Member

    Joined:
    Apr 19, 2010
    Posts:
    14
    Hi to all.
    I've been trying to understand LNS as far as I can.
    So far so good...
    I have one question related to Local Loopback.
    I used to have Kerio 2.1.5, which allowed me to set a rule for "All Applications" connecting to 127.0.0.1.
    I don't seem to find this in LNS (I've googled it).
    One of the problems I'm encountering is when trying to install Oracle XE. It seems that many components "talk" to themselves via TCP/IP at localhost.
    I guess that there are many programs that work like this.
    Is there any way to allow Local Loopback via a rule or something?
    Thanks in advance!

    PS: Sorry for my English!
     
  2. 0strodamus

    0strodamus Registered Member

    Joined:
    Aug 23, 2009
    Posts:
    1,047
    Location:
    United Surveillance States
    LnS ignores all localhost communications. There is no way to set a rule; it allows all by default.
     
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    That's what keeps me from using this otherwise very fine firewall (and [deleted ref]). All localhost allowed by default.
    NOD, Avast, Avira and many other security applications can do web monitoring via one localhost port. If we can't set a rule to block applications from using that port, my understanding is that a tunnel is made and it is not safe.
     
    Last edited: Apr 2, 2011
  4. Thomas M

    Thomas M Registered Member

    Joined:
    Jan 12, 2003
    Posts:
    355
    Interesting...

    I have no idea: How can a loopback packet leave my computer without being detected by my internet filtering?

    Thanks for clarification

    Thomas :)
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    When a new application attempts to use Local loopback, Look ‘n’ Stop Application filtering will detect and alert.

    Anything using the Local loopback interface to then make Internet connections doesn’t get a free pass simply because the Local loopback interface was used.
     
    Last edited: Apr 2, 2011
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK


    An application blocked from Internet access is also blocked from loopback/localhost.



    - Stem
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    Post edited. Did not mean any disrespect, sorry.
     
  8. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    I think I'm now confused.
    I, like pantezuma, come from Kerio, and its relative (which I won't name 'cause it might be seen as an ad :( ), where I can make rules for local host and the proxy ports use or non use.

    @Phant0m and Stem,
    Have I misunderstood the answer - see posts 8 and 9 here
    https://www.wilderssecurity.com/showthread.php?t=256474

    and to clarify my question, can something like this be done in LnS - see proxy blocks at the end of the screen shots in this ancient thread
    http://www.dslreports.com/forum/remark,13064195
     
    Last edited: Apr 2, 2011
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The loopback (localhost) is only intercepted at application (filtering) level. So if you allow an application internet access, you allow it all loopback. If you block internet for an application, then you also block it from loopback.
    You cannot make rules for the loopback address; they are not filtered by the driver sitting on the NIC (Internet filtering).




    - Stem
     
  10. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    If a new application attempts to use the Local loopback interface, it’ll be detected by Application filtering, and you can permit or deny the application. When you deny the application, it’ll also deny the application's attempts to use the local loopback interface. When permitting the application, you have no fine controls for just the Local loopback activity done by the application thereafter.
     
  11. pantezuma

    pantezuma Registered Member

    Joined:
    Apr 19, 2010
    Posts:
    14
    Hi to all.
    And what about allowing that application at the Application Filter layer to only connect to 127.0.0.1?
    Would that work?
    Thanks in advance.
     
  12. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Specify !0-65535 for TCP and UDP ports; this'll block TCP & UDP packets sent to the Internet but still allow local Loopback activity.
     
  13. pantezuma

    pantezuma Registered Member

    Joined:
    Apr 19, 2010
    Posts:
    14
    Hi to all.
    I tried the !0-65535 trick but it doesn't seem to work.
    It doesn't work putting 127.0.0.1 and allowing all ports either.
    I made it work by setting only the port for Oracle 1521 and my IP in Application Filtering.
    I don't know that much about TCP/IP but I have a dynamic IP, so I know that tomorrow this rule won't work as I will have a new IP!
    I used to think that my IP was similar to 127.0.0.1 to local applications...
    Is there any way to reference my IP in Application Filtering considering what I have stated?
    Any help would be appreciated!

    PS: Sorry for my English.
     
Thread Status:
Not open for further replies.
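
A way to see the distinction the last post runs into, as an added example that is not part of the thread: the script connects to a local listener through 127.0.0.1 and through the addresses the hostname resolves to, and reports the address pair each connection carries. The function names and the OS-chosen test port are assumptions of the example; Oracle's port 1521 is not touched.

```python
import socket

def candidate_addresses():
    """127.0.0.1 plus any IPv4 addresses the hostname resolves to."""
    addrs = ["127.0.0.1"]
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET)
    except socket.gaierror:
        infos = []  # no resolvable hostname: probe loopback only
    for info in infos:
        if info[4][0] not in addrs:
            addrs.append(info[4][0])
    return addrs

def probe(targets):
    """Listen on every interface, connect to each target, and record the
    source/destination pair the accepting side sees for that connection."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("0.0.0.0", 0))      # constructed test port, chosen by the OS
    server.listen(8)
    server.settimeout(2)
    port = server.getsockname()[1]
    results = {}
    for target in targets:
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        client.settimeout(2)
        try:
            client.connect((target, port))
            conn, peer = server.accept()
            dst = conn.getsockname()[0]
            results[target] = {"src": peer[0], "dst": dst,
                               "is_127": dst.startswith("127.")}
            conn.close()
        except OSError as exc:       # unreachable or filtered address
            results[target] = {"error": str(exc)}
        finally:
            client.close()
    server.close()
    return results

if __name__ == "__main__":
    for target, seen in probe(candidate_addresses()).items():
        print(target, seen)
```

A connection addressed to the machine's own IP reports that IP, not 127.0.0.1, as its destination, so an address rule written for 127.0.0.1 does not describe it.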