I think these are actually outbound loopback connections being blocked for some reason (probably by firefox.exe’s Application Rules). When I enable outbound loopback connections and log them, they look exactly like this: 0.0.0.0 as source address, 127.0.0.1 as destination address. I wasn’t able to detect/log/block any incoming loopback connections with CFP 22.214.171.1246 so far.
I heard Firefox uses loopback to communicate with some of it’s extensions. Have you installed any before the alerts started?
Try adding an Application Rule for firefox.exe allowing outgoing IP connections to 127.0.0.1, and see if the alerts disappear.
Hi MaratR, All Mozillz products use loopback, it’s actually a bit of a feature, you can read about it on bugzilla.
This is interesting, having played around a little more, I believe you are right, they are outbound. I just assumed Inbound because of the detail in the loopback zone rule that was added to 276, which is IP Out.
It’s easy enough to turn this logging off, but I have to wonder why it’s doing this. It’s also curious the Source Address is 0.0.0.0, which is normally reserved as a default route, or I guess in this case, the default host?
So I wonder where the problem lies. D+ has fx loopback networking set to allow, the loopback rule has been added to the browser rule… let the investigation begin
Are you sure it was the global rules blocking loopback connections? Can you disable the rule you’ve created to see it gets back to blocking again? And if it does, can you post the rule here?
You see, I’ve tried blocking connections to (and then from) 127.0.0.1 in global rules to see whether they interfere with loopback networking or not, and they had no effect whatsoever. I can browse through the localhost proxy server even when there is a global rule blocking any IP connections to 127.0.0.1. ???
I am getting the same loopback behavior when Thunderbird starts up, and don’t have any global rules. The App in mine actually shows up as Thunderbird, and I don’t get them from Firefox, even though I have the loopback there restricted to the Avast! 12080 proxy port. I left them blocked for a while, finally added an applicatiom level allow rule since they seem part of TB initialization. But I haven’t found out why TB talks to itself at initialziation either. ???