localhost <-> localhost connection rules

Hello everyone,

I have been using CIS for a long time now and I am not sure if my current problem has existed since the beginning or if it is due to one of the many updates:
I have different rules managing connections to 127.0.0.1:80. I have a proxy server running on this port and want to make sure that only specific applications can access it.
The current situation is that all applications coming from 127.0.0.1 and connecting to 127.0.0.1 are always allowed! I tried this in many different ways, e.g.:
My global rules are empty and I put telnet at the top of the custom rules (firewall set to custom policy), denying everything and logging it. This works fine except when telnet sends something to localhost: no log entry, and the connection is established.
I understand if there is a hard-coded rule in CIS to make sure that essential Windows services can talk to each other, but it would be nice if there were an option somewhere to control everything.
Can someone confirm this behaviour, or did I make a mistake?
I use XP Pro 32-bit, with version 3.12.111745.560.

Greetings from Germany, Berlin
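The test the post describes (connect from a chosen program to 127.0.0.1:80 and see whether the connection is established or blocked) can be reproduced with a small script instead of telnet. The following is an added example, not code from the thread or from CIS: it starts a throwaway loopback listener that stands in for the proxy (the port is chosen by the OS, so nothing has to be running on port 80) and then probes it from the same process, classifying the result. Run against the real proxy, the listener is simply left out and port 80 is passed on the command line; if the firewall rule for this program works, the probe should time out (or be refused with a reset, depending on how the rule is configured) rather than report "established".

```python
import socket
import sys
import threading


def start_loopback_listener(port=0):
    """Start a throwaway TCP listener on 127.0.0.1 that stands in for the proxy.

    port=0 lets the OS pick a free port. Returns (server_socket, port);
    closing the returned socket stops the listener.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)

    def accept_loop():
        # Accept and immediately drop connections until the socket is closed.
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return  # listener socket was closed
            conn.close()

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def probe_loopback(port, timeout=2.0):
    """Attempt a TCP connect to 127.0.0.1:port from this process and classify the outcome.

    'established' -> the connection went through: the firewall let this program talk to localhost
    'timeout'     -> the SYN was silently dropped, the usual sign of a block rule
    'refused'     -> the peer answered with a reset: nothing is listening on the port,
                     or the firewall rejects instead of dropping
    'error'       -> any other socket error (e.g. no loopback interface)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect(("127.0.0.1", port))
        return "established"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError:
        return "error"
    finally:
        s.close()


if __name__ == "__main__":
    # Usage: python probe.py [port]
    # With no argument a local listener is started so the script is self-contained;
    # with a port (e.g. 80) the real service on that port is probed instead.
    if len(sys.argv) > 1:
        target = int(sys.argv[1])
        print(f"127.0.0.1:{target} -> {probe_loopback(target)}")
    else:
        srv, target = start_loopback_listener()
        print(f"listener on 127.0.0.1:{target} -> {probe_loopback(target)}")
        srv.close()
        print(f"after closing listener   -> {probe_loopback(target)}")
```

Because the firewall decides per application, the script has to be run as the program the rule is written for (here the Python interpreter); a rule written for telnet.exe says nothing about what this process may do. Note the distinction between "refused" and "timeout": a refused connection only proves that nothing accepted the connection, which is also what an absent proxy looks like, so a block rule is only confirmed when a listener is known to be up and the probe still does not get through.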

Just checked this with the same blocking rule for telnet in an older version (3.025.378).
It's blocking it perfectly, like it should!
So it seems to be a problem with this specific version (or earlier ones)?

Can you check the following, open the GUI → Firewall → Advanced, Firewall Behavior Settings → Alert Settings.

Check if “Enable alerts for loopback requests” is checked?

Thanks for the answer.
It is checked!
I played with this setting, but it seems to make no difference at all.

On my system it always alerts for 127.0.0.1 traffic.

Can you post a screenshot from the application that is still allowed to connect?

I mainly use telnet to test the rules, but the problem applies to any other application too, of course.
Attached you can see two blocked connection requests to test.de, but to localhost nothing is blocked.
There are no rules in the global section, the firewall is set to custom mode and the loopback alert checkbox was always on.
Hope that helps.


I can confirm this: if I test with telnet or netcat I don't get alerts either…

But if a “normal” application tries to connect to my local squid proxy I do get an alert.
So there seems to be a difference between “testing” and an application connecting to 127.0.0.1.

I’ll see if I can find out more about this…

Thank you.
I am willing to help to fix this, let me know if I can do something.

Can you try 3.13 and see if that fixes your problem?

I can’t reproduce my earlier problem with it; I get an alert for telnet 127.0.0.1 80 and 135 as well.

Sorry for the long delay.
I jumped right away to 3.14.130099.587 and in this version the problem is fixed!

Thank you.

Good to know, I had already forgotten this one :wink: Thanks for confirming it’s fixed :-TU