Rule for Access to LocalHost?

capatt · December 6, 2007, 9:13pm

I have NOD32 v 3.0 which uses an http proxy to connect applications to the internet. If I understand this correctly, it creates something akin to a “tunnel”, hiding (including possibly malicious) applications from the view of a Firewall.
One of the ways to deal with this, and still maintain the valuable scanning of traffic, is to set up a global rule to ask for permission for any program to access localhost. That way, when any program is rerouted through NOD32’s ekrn process, the firewall picks it up. Of course, I would want the firewall to remember my decision.

How would one write that rule?

There’s an epic post generating lots of discussion:
http://www.wilderssecurity.com/showthread.php?t=192305

Coolio10 · December 6, 2007, 9:24pm

A global rule should fix this. Since localhost is also 127.0.0.1 you need to set it up using destination ip, source ip or both.

capatt · December 6, 2007, 9:30pm

That’s actually what I attempted to do, but I’m no expert. This is what I have as a global rule:

Allow: TCP or UDP: Out
Source Address: Any
Destination Address: Single IP: 127.0.0.1
Source Port: Any
Destination Port: Any

Checked: Log as a firewall event if rule is fired

So, will this do the trick, or is further modification needed, and will the firewall alert and wait for a response?

Thanks for the help!

Coolio10 · December 6, 2007, 9:35pm

Not sure how NOD works. Maybe someone else can help.

Touche · December 8, 2007, 6:39pm

Isn’t THIS the best solution?