global rule and application rule to allow in/out localhost for all ports

Hello!

I have 2 questions to which I couldn’t find a proper answer. If there is one thread that deals with this please point me to it.

  1. I want to create a global rule for all applications to be allowed to access localhost (127.0.0.1) on all ports.
  2. I want to create an application specific rule (vlc.exe) to be able to access only localhost on all ports and no other addresses.

thanx.

If you open the CIS control panel from the system tray and select:

Network Security Policy/Network Zones

You should find a zone which is automatically created during installation, it’s called Loopback zone.

For your Global rule:

Action - Allow
Protocol - TCP or UDP
Direction - Out
Source Address - ANY
Destination Address - Select Network zone then Loopback zone (or enter 127.0.0.1)
Source Port - ANY
Destination Port - ANY

For your VLC Application rule

Application name - vlc.exe
Action - Allow
Protocol - TCP or UDP
Direction - Out
Source Address - ANY
Destination Address - 127.0.0.1
Source Port - ANY
Destination Port - ANY

Then add another rule for vlc to stop it doing anything else:

Application name - vlc.exe
Action - Block
Protocol - IP
Direction - In/Out
Source Address - ANY
Destination Address - ANY
IP Details - ANY
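As an added illustration of why the order of those two vlc.exe rules matters, here is a small first-match model of the rule set in Python; it is not code from the original post or from Comodo, and the Rule/Conn field names, the "NoMatch" fallback and the sample connections are all my own assumptions and constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "Allow" or "Block"
    protocol: str         # "TCP", "UDP", "TCP or UDP", or "IP" (any protocol)
    direction: str        # "In", "Out", or "In/Out"
    dest: Optional[str]   # None means ANY; otherwise an address or CIDR network

@dataclass(frozen=True)
class Conn:
    protocol: str   # "TCP" or "UDP"
    direction: str  # "In" or "Out"
    dest_ip: str
    dest_port: int

def matches(rule: Rule, conn: Conn) -> bool:
    """Return True if the connection satisfies every field of the rule."""
    if rule.protocol != "IP" and conn.protocol not in rule.protocol.split(" or "):
        return False
    if rule.direction != "In/Out" and rule.direction != conn.direction:
        return False
    if rule.dest is not None:
        net = ipaddress.ip_network(rule.dest, strict=False)  # "127.0.0.1" -> 127.0.0.1/32
        if ipaddress.ip_address(conn.dest_ip) not in net:
            return False
    return True  # every rule on this page uses ANY for ports, so ports are not checked

def decide(rules: List[Rule], conn: Conn) -> str:
    """First-match evaluation: the first rule whose fields all match wins."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "NoMatch"  # modelled fallback (assumption); the real firewall applies its own default

# The two vlc.exe application rules from the answer above, in the order given.
VLC_RULES = [
    Rule("Allow", "TCP or UDP", "Out", "127.0.0.1"),
    Rule("Block", "IP", "In/Out", None),
]

# Constructed sample connections (198.51.100.7 is a documentation-range address).
LOCAL_OUT = Conn("TCP", "Out", "127.0.0.1", 8080)
REMOTE_OUT = Conn("TCP", "Out", "198.51.100.7", 443)
LOCAL_IN = Conn("TCP", "In", "127.0.0.1", 8080)
```

Evaluating `reversed(VLC_RULES)` against `LOCAL_OUT` yields "Block": with the Block-all rule first, the loopback Allow rule is never reached, and the inbound loopback case is blocked either way because the Allow rule is Out only.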