(Firewall) Inbound Loopback Networking Alerts .276

This is curious. After running 276 for a couple of days, I have suddenly started getting Inbound loopback alerts in the firewall logs, for both Firefox and Thunderbird.

Now, I’m not surprised to be getting these alerts as the default Loopback Zone is only configured for IP Out. What confuses me is why the alerts have just started now ???

Btw, I have the Alert settings set to High and the PC has been restarted several times since the install of 276 and the time the alerts started.

Anyway, I guess I’ll have to create or modify a rule to cater for the inbound requests, no big deal, but it’s strange.


I think these are actually outbound loopback connections being blocked for some reason (probably by firefox.exe’s Application Rules). When I enable outbound loopback connections and log them, they look exactly like this: 0.0.0.0 as source address, 127.0.0.1 as destination address. I wasn’t able to detect/log/block any incoming loopback connections with CFP 3.0.14.276 so far.

I heard Firefox uses loopback to communicate with some of its extensions. Have you installed any before the alerts started?

Try adding an Application Rule for firefox.exe allowing outgoing IP connections to 127.0.0.1, and see if the alerts disappear.

Hi MaratR, all Mozilla products use loopback; it’s actually a bit of a feature, and you can read about it on Bugzilla.

This is interesting, having played around a little more, I believe you are right, they are outbound. I just assumed Inbound because of the detail in the loopback zone rule that was added to 276, which is IP Out.

It’s easy enough to turn this logging off, but I have to wonder why it’s doing this. It’s also curious the Source Address is 0.0.0.0, which is normally reserved as a default route, or I guess in this case, the default host?

So I wonder where the problem lies. D+ has fx loopback networking set to allow, the loopback rule has been added to the browser rule… let the investigation begin :)

Btw, I forgot to mention, these alerts only fire when either tb or fx are launched or closed.

Ok, found it :) Just had to add a global rule to support loopback networking. My custom global rules were blocking it.

Are you sure it was the global rules blocking loopback connections? Can you disable the rule you’ve created to see if it gets back to blocking again? And if it does, can you post the rule here?

You see, I’ve tried blocking connections to (and then from) 127.0.0.1 in global rules to see whether they interfere with loopback networking or not, and they had no effect whatsoever. I can browse through the localhost proxy server even when there is a global rule blocking any IP connections to 127.0.0.1. ???

I am getting the same loopback behavior when Thunderbird starts up, and don’t have any global rules. The App in mine actually shows up as Thunderbird, and I don’t get them from Firefox, even though I have the loopback there restricted to the Avast! 12080 proxy port. I left them blocked for a while, finally added an application level allow rule since they seem part of TB initialization. But I haven’t found out why TB talks to itself at initialization either. ???

You might want to look at these, sded:

http://kb.mozillazine.org/SSL_is_disabled
http://kb.mozillazine.org/Firewalls

It’s essentially down to SSL in all Mozilla products that use it, that includes tb, hence the loopback requirement at launch and exit.

Under v2 I had to have both Application rules for UDP/TCP IN/OUT and Network Monitor rules with the same parameters for loopback to work correctly.

That’s essentially what I’ve done now under v3.

Thanks; sounds right for my symptoms. I encrypt all email with TLS/SSL in Thunderbird. I think Mozilla gets by with the passive FTP rule. :)