Localhost - trusted?

Discussion in 'other firewalls' started by ASpace, Apr 8, 2007.

Thread Status:
Not open for further replies.
  1. ASpace

    ASpace Guest

    Hello. Happy Easter!!! :thumb:

    It's me again. Sorry for asking probably stupid questions.

    My Eset Smart Security firewall is asking me to allow 127.0.0.1 (localhost) into the trusted zone. It does this every time I connect to or disconnect from the network. Well, it is probably a bug that it does not remember my choice NO,

    but what would happen if 127.0.0.1 is in the trusted zone settings? Does it pose any risk, and how would a firewall act in this way? Remember that my laptop is not always behind the modem/router.

    I use these settings: [screenshot attached]

  2. JeffBuck

    JeffBuck, Registered Member (joined Mar 13, 2007; 32 posts)
    The question is different... it cannot remember your choice because... localhost is just your PC, for your PC :D

    http://en.wikipedia.org/wiki/Localhost


    No risk, localhost has to be in the firewall Trusted Zone.
    See for example the penultimate post in this thread:
    https://www.wilderssecurity.com/showthread.php?t=3900
     
  3. Ocky

    Ocky, Registered Member (joined May 6, 2006; 2,677 posts; George, S.Africa)
    Another way of putting it:

    The exact IP of the PC should not be added to the Zones.
    It is already there, listed as 127.0.0.1 or localhost. This is the internal internet address of every Windows PC. If anything wants to call your PC from your PC, it will use the localhost address (also called the loopback address). :D
     
  4. Stem

    Stem, Firewall Expert (joined Oct 5, 2005; 4,948 posts; UK)
    Localhost does not need to be added to the trusted zone of any firewall. In some firewalls/setups, it can be a security risk.

    If the firewall is not remembering the answer not to add this, then it is either a bug, or there are other settings causing this. I will find time later to look into this.
     
  5. ASpace

    ASpace Guest

    Thanks Stem for the clarification.
    Much appreciated :thumb:
     
  6. ASpace

    ASpace Guest

    Update and question.

    The firewall works in 3 modes: Automatic, Interactive and Policy-based.
    If I switch to Policy-based, I see the following (add subnet to the trusted zone without asking). I can remove it and it remembers this setting; however, if I switch back to Automatic mode (and back to Policy-based) these settings are there again. The DNS server is my ADSL modem, 192.168.1.1.

    So, should this be there? Really sorry for the questions.
     


    Last edited by a moderator: Apr 8, 2007
  7. Stem

    Stem, Firewall Expert (joined Oct 5, 2005; 4,948 posts; UK)
    I have just installed it to check on these settings etc. I have shown concern here about the rules in place.

    As for the "Add to Trusted Zone without asking"... well, comment from Eset would certainly be welcomed.
    My personal comment on this: adding the LAN automatically can save the user from creating rules, and in some possible LAN setups (where the router requires comms to the nodes on the LAN (such as stayalive comms)) I can see a possible reason/need for this. But in many setups I see, where the LAN is actually untrusted, be it on a large shared LAN (university/college), I see this as a major concern / possible security risk.

    I have also looked at "not adding the localhost as trusted"; this can be done. But when I place a rule to block 127.0.0.1 for Firefox, this rule is not added. Certainly this firewall is still buggy.
     
  8. ASpace

    ASpace Guest

    Thanks very much , Stem !!! :thumb: :) :thumb: You are really helpful guy :D ;) :p :D :thumb:
     
  9. Stem

    Stem, Firewall Expert (joined Oct 5, 2005; 4,948 posts; UK)
    By the way, just in case you did not read the EULA:-

    [attachment: EULA.JPG]
     
  10. ASpace

    ASpace Guest

    No, I haven't read it. I read EULAs of new and unknown programs, and ESET is... well, a vendor I trust.

    But this information really shocked me. How dare a vendor collect personal information! I am completely against such things. I'll post in the ESS beta forum and ask for an explanation; this is really unacceptable and I do hope it is for the BETA process only.

    Thanks very much! :thumb:
     
  11. JeffBuck

    JeffBuck, Registered Member (joined Mar 13, 2007; 32 posts)
    Stem, you are right.
    Yes, it isn't needed, but it's common practice: the default config of most good firewalls (Jetico, ZA, etc.) contains a rule allowing it, and in Linux firewall scripts it's "normal":

    # accept anything on the loopback device
    # (-i/-o take an interface name, so match "lo" rather than the 127.0.0.1 address)
    $IPTABLES -A INPUT -j ACCEPT -p ALL -i lo
    $IPTABLES -A OUTPUT -j ACCEPT -p ALL -o lo

    Theoretically 127.0.0.1 is a particular address that does not exist on the Internet; it is reserved for a particular function called loopback, which allows you to verify the correct operation of the network card, driver and software.

    Packets sent to 127.0.0.1 are not transmitted on the network but return to the computer that generated them.

    Today the problem is that much software (Firefox, avast, etc.) seems to make use of this address as a sort of local proxy... but the application-layer firewall would have to distinguish which software claims to use localhost to access the network, even if it's in the trusted zone.
    Isn't it?
    I have also noticed that deleting localhost from the Trusted Zone and adding single rules for single software to allow it causes problems in many (buggy?) firewalls (see for example the Outpost forum), so the simpler way is to leave it as trusted.
    The security risk is very light.
    All this IMHO.
     
  12. Stem

    Stem, Firewall Expert (joined Oct 5, 2005; 4,948 posts; UK)
    Yes, it is common practice in a lot of firewalls, as it is easier for users, since a lot of applications can use this for one reason or another.

    This does depend on the firewall. An example could be Jetico, which, with the default rules, will allow any application with "Access to Network" access to the trusted zone. Firewalls such as ZA do give access to the trusted zone via a tick/check box, so this is seen and it is easier for the user to control.
    It is the simpler/easier way, yes. But this is not always good practice, and does depend on the setup.
    Again, this depends on the setup. In most cases it is easier, and safe, to place the localhost as trusted and allow all applications access to it (it can/does save a lot of popups). But in a setup where there is a localhost proxy in use (such as "Proxo") then care needs to be taken.
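
An added example (my own illustration, not code from this thread or from ESET, Jetico, ZA or Outpost) of the check behind JeffBuck's question and Stem's "Proxo" caveat above: before treating 127.0.0.1 as trusted, look at which listeners are reachable only over loopback, which are bound to all interfaces (and so reachable from a LAN that the firewall auto-trusts), and which local process is relaying through a local proxy, whose own outbound connections are the only thing a per-application firewall will see. It parses constructed lines in the layout of Windows `netstat -ano`; the PIDs, ports and addresses are made up, not captured from a real machine.

```python
"""Audit localhost listeners and local-proxy relays from netstat-style output.

Added example, not code from the thread or from any firewall vendor. Input is
in the layout of Windows `netstat -ano` (Proto, Local Address, Foreign Address,
State, PID). The sample below is constructed; every PID, port and address is an
assumption made for illustration.
"""
import ipaddress
from collections import namedtuple

Entry = namedtuple("Entry", "proto local_ip local_port foreign_ip foreign_port state pid")

# Constructed sample (not captured from a real machine).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    [::]:135               [::]:0                 LISTENING       876
  TCP    0.0.0.0:8118           0.0.0.0:0              LISTENING       2044
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1980
  TCP    127.0.0.1:49201        127.0.0.1:8080         ESTABLISHED     3120
  TCP    127.0.0.1:8080         127.0.0.1:49201        ESTABLISHED     1980
  TCP    192.168.1.10:49202     203.0.113.5:80         ESTABLISHED     1980
  UDP    0.0.0.0:53             *:*                                    1234
"""


def _split_addr(addr):
    """'127.0.0.1:8080' -> ('127.0.0.1', 8080); '[::]:135' -> ('::', 135); '*:*' -> ('*', None)."""
    host, _, port = addr.rpartition(":")
    host = host.strip("[]")
    return host, (None if port == "*" else int(port))


def _is_loopback(host):
    return host != "*" and ipaddress.ip_address(host).is_loopback


def _is_wildcard(host):
    return host == "*" or ipaddress.ip_address(host).is_unspecified


def parse_netstat(text):
    """Turn netstat rows into Entry tuples; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] not in ("TCP", "UDP"):
            continue
        lip, lport = _split_addr(tok[1])
        fip, fport = _split_addr(tok[2])
        state = tok[3] if len(tok) == 5 else ""  # UDP rows carry no State column
        entries.append(Entry(tok[0], lip, lport, fip, fport, state, int(tok[-1])))
    return entries


def listeners(entries):
    """Map (proto, port) -> (pid, scope) for sockets that accept traffic.

    scope: 'loopback' = only this PC can reach it; 'all' = bound to every
    interface, so LAN hosts can reach it too; 'nic' = bound to one NIC address.
    """
    out = {}
    for e in entries:
        bound = e.state == "LISTENING" or (e.proto == "UDP" and e.foreign_ip == "*")
        if not bound:
            continue
        if _is_loopback(e.local_ip):
            scope = "loopback"
        elif _is_wildcard(e.local_ip):
            scope = "all"
        else:
            scope = "nic"
        out[(e.proto, e.local_port)] = (e.pid, scope)
    return out


def proxy_clients(entries):
    """Local processes connected over loopback to a local listener (a local proxy).

    For each client, also list the proxy's own non-loopback peers: that is where
    the client's traffic really goes, and all a per-application firewall will see.
    """
    lst = listeners(entries)
    results = []
    for e in entries:
        if e.state != "ESTABLISHED" or not _is_loopback(e.foreign_ip):
            continue
        key = (e.proto, e.foreign_port)
        if key not in lst or (e.proto, e.local_port) in lst:
            continue  # unknown target, or this row is the server side of the pair
        proxy_pid = lst[key][0]
        peers = sorted({f"{x.foreign_ip}:{x.foreign_port}" for x in entries
                        if x.pid == proxy_pid and x.state == "ESTABLISHED"
                        and not _is_loopback(x.foreign_ip)})
        results.append({"client_pid": e.pid, "proxy_pid": proxy_pid,
                        "port": e.foreign_port, "proxy_peers": peers})
    return results


def report(text):
    """Human-readable summary as a list of lines."""
    entries = parse_netstat(text)
    lines = []
    for (proto, port), (pid, scope) in sorted(listeners(entries).items()):
        lines.append(f"{proto} port {port} pid {pid}: bound to {scope}")
    for c in proxy_clients(entries):
        lines.append(f"pid {c['client_pid']} -> local proxy pid {c['proxy_pid']} on port "
                     f"{c['port']}; proxy talks to {', '.join(c['proxy_peers']) or 'nobody'}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_NETSTAT)))
```

In the constructed sample, PID 3120 never touches the network itself: it connects to the loopback-only proxy on port 8080, and only PID 1980's connection to 203.0.113.5:80 is visible as network traffic. A rule set that trusts localhost for every application therefore lets any program use whatever the proxy is permitted to do. The proxy on port 8118 is bound to 0.0.0.0, so if the LAN subnet is added to the trusted zone automatically, other hosts on that subnet can use it as well.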
     
  13. JeffBuck

    JeffBuck, Registered Member (joined Mar 13, 2007; 32 posts)
    Thanks for your further explanation :thumb:
     
  14. wiak

    wiak, Registered Member (joined Sep 10, 2006; 107 posts)
    It might be infected files also :thumb:
     
  15. wat0114

    wat0114 Guest

    It is easier to allow local TCP and UDP connections, but with a little effort and patience, localhost rules can be applied on an individual basis without any problems in Outpost. After all is set up, the rules configuration can be saved and reapplied later if needed, eliminating the need for reconfiguring them, unless a new application requiring it has been added since the saved config, in which case the effort and time is at least minimized.
     