Alert frequency (bug?)

I’ve got a program.exe requesting outbound connection to the wild.

I’ve increased the "alert frequency" of the Firewall to level four (that is, instead of balloon-alerting only once for the outbound connection, it actually asks for both the source port and the protocol).

Okay, so program.exe is run and requests outbound to [IP] on TCP protocol for port 4460, and I accept with the "remember my answer" switch ticked.

When I take a look in my application rules, under program.exe it showed:
Always allow TCP out, to any IP, from any source port and to destination port 4460.

I had expected the rule to be:
Always allow TCP out, to any IP, from source port 4460 and to any destination port… because I don’t care which is the destination port of the machine which is getting the connection, but I do care about my program.exe being allowed to initiate outbound connections from other source ports than 4460!

Have I just found a serious bug, or is my reasoning just wrong?

TCP uses a random port (usually part of a sequence) on your computer to set up an outbound connection to a server. The destination port is set up to go to the server port that is listening for a TCP request (port 80 and 443 for HTTP and HTTPS, for example). IANA says that port 4460 is not assigned to a specific function and can be used for whatever the server desires. So you only care about the destination port, since the server you are trying to access is only listening for you on that port. If you went to an arbitrary destination port you would usually just receive no response from the server. Take a look under firewall/active connections to see how your TCP connections are set up.
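The behaviour described in the reply above, as an added example that is not part of the original thread and not any firewall vendor's code: it opens a few TCP connections to a loopback listener, records the 4-tuple the OS actually chose for each (the source port changes every time, the destination port stays fixed), and then evaluates both the rule the firewall saved and the rule the poster expected against those connections. The `OutboundRule` shape ("allow proto out, to dst_ip, from src_port, to dst_port", with `None` meaning "any") is an assumed simplification of the rule in the post; the listener uses port 0 so the OS picks a free port instead of 4460.

```python
"""Why a remembered 'allow out' rule pins the destination port, not the source port.
Added example, not from the thread; the rule model is an assumed simplification."""
import socket
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Conn:
    """One observed outbound TCP connection (the 4-tuple plus protocol)."""
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class OutboundRule:
    """'Always allow <proto> out, to <dst_ip>, from <src_port>, to <dst_port>'.
    None means 'any'. Assumed shape, not a specific product's rule format."""
    proto: str
    dst_ip: Optional[str] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None

    def matches(self, c: Conn) -> bool:
        return (self.proto == c.proto
                and self.dst_ip in (None, c.dst_ip)
                and self.src_port in (None, c.src_port)
                and self.dst_port in (None, c.dst_port))


def observe_outbound_connections(n: int = 3) -> List[Conn]:
    """Open n TCP connections to a loopback listener and record the 4-tuple the
    kernel chose for each. Client sockets stay open until the end, so every
    connection must get its own ephemeral source port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: OS picks a free port (stands in for 4460)
    listener.listen(n)
    server_port = listener.getsockname()[1]
    clients, accepted, conns = [], [], []
    try:
        for _ in range(n):
            c = socket.create_connection(("127.0.0.1", server_port))
            clients.append(c)
            accepted.append(listener.accept()[0])
            src_ip, src_port = c.getsockname()[:2]   # ephemeral, differs per connection
            dst_ip, dst_port = c.getpeername()[:2]   # the server's listening port
            conns.append(Conn("TCP", src_ip, src_port, dst_ip, dst_port))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return conns


def allowed(rule: OutboundRule, conns: List[Conn]) -> List[bool]:
    """Per-connection verdict of a single rule."""
    return [rule.matches(c) for c in conns]


if __name__ == "__main__":
    observed = observe_outbound_connections()
    for c in observed:
        print(f"{c.src_ip}:{c.src_port} -> {c.dst_ip}:{c.dst_port}")
    port = observed[0].dst_port
    saved = OutboundRule("TCP", dst_port=port)    # what the firewall wrote
    wanted = OutboundRule("TCP", src_port=port)   # what the poster expected
    print("saved rule allows:   ", allowed(saved, observed))
    print("expected rule allows:", allowed(wanted, observed))
```

Run it and the saved rule (any source port, fixed destination port) allows every connection, while the rule the poster expected (fixed source port) allows none of them, because the OS never hands program.exe the same source port it is connecting to.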

That makes sense.
Thanks for the enlightenment.