Blocking internet access while still allowing localhost connections

I have a question. As far as I can remember, previous versions of CIS used to ask permission for both localhost and internet connection attempts by applications. This allowed me to give applications access to local services while blocking their internet access.

With the new 3.12 version I only see a question for permission for one of the connection attempts (usually the localhost access), which when permitted (with the remember this answer option checked) seems to also allow the application access to the internet.

I’ve had messages from applications which only asked for localhost access (which I permitted) that there was an update available (which it could only have detected by accessing the internet).

Since in the past this was treated as a separate connection attempt I was unpleasantly surprised by this fact.

So is this a feature of the firewall? Can I change this behavior with a setting? Or is this a bug?

Hi PJK,

First, the connection alerts you receive will depend on the settings you are using for the firewall. If you have stipulated a high alert notification, then you will be prompted for different connection types.

Second, by localhost, are you referring to the alert requests typically received from applications such as browsers, where the request is to connect to 127.0.0.1 TCP or UDP plus Port? If so, please be aware that these are not requests to access resources on the local PC; they are simply a request that allows an application to communicate with itself.

If you wish to allow an application to use local resources but be prohibited from connecting to the Internet, simply create a rule that blocks Internet access for that application.

Ok, I’ve raised the level of the firewall alerts to Custom Policy. Maybe that was what I had before, but when upgrading from 3.5 to 3.12 (I stuck with 3.5 for a while because of the DPC latency issue present in all the intermediate versions) I had to uninstall 3.5 before I could install 3.12. This might have changed my settings back to the default settings Comodo uses.

And indeed with the localhost comms I meant the 127.0.0.1 address. Technically it allows loopback traffic, even to other running applications, so it isn’t necessarily communicating with itself. Hence the request for allowing this type of communication.

Using a custom rule for the application is something I want to do, but in the past this was what I could do when the outside traffic alert popped up (block connection + remember).

I don’t want to have to do this manually by going to the rules list, because that list is usually very long and finding the right application can be a bit of a lengthy process.

Hopefully the higher alert level will reinstate this behaviour.

I’ll do some tests to see if it does.

UPDATE

Nope, the same behaviour is still happening with the higher alert levels.

If I look at the rule created after I allow the loopback connection for ImgBurn (which it asks for when I ask it to perform a check for updates), it shows the following:

Allow TCP Out from IP Any to IP Any Where Source Port is any and Destination Port is 10800

This is at odds with the fact that it only asked permission to connect to 127.0.0.1 port 10800.

I’ll switch off the alert for loopback connections, maybe that does the trick.

UPDATE 2

That seems to enable the applications to access the internet without asking anything! All the other alerts are switched on, just the loopback alerts are switched off.

I think this is probably a bug!

In addition to changing the Firewall Security Level, you also need to change the Alert level on the other tab to Very High. You’ll notice the wording as you raise the level. This is where I have mine set.

Yep, that did the trick!