Jose_Lisbon

Browser rules


If you have "Intercept loopback interface" enabled you'll see rules that are created for local ports that the browser uses for its internal communication (it's talking to itself over the loopback interface). This is why you see the 0-65535 port range: eventually, when a certain number of ports are added, OA expands the rule to include a range rather than hundreds of single ports.

Your rules for Firefox and IE look different because Firefox is using TCP for loopback whereas IE seems to be using UDP for loopback :)


I created a couple of basic rules for Firefox to avoid this behaviour with "Intercept loopback interface" enabled:

1. Allow / TCP / Out

Ports: 80,443,1024-5000,12080*

2. Deny / TCP / Out

Ports: 0-65535

1024-5000 (Loopback Interface)

443 (https)

80 (http)

*12080 (Avast! Antivirus) - this port depends on the AV used. This only applies to AV software that filters web traffic acting like a proxy.

You may need additional ports, for example: 21 (FTP)


1024-5000 (Loopback Interface)

Just remember that this only applies when your OS is XP.

Win7 uses 49152 and above for loopback interface.

Martin.


Just remember that only applies when your OS is XP.

Win7 uses 49152 and above for loopback interface.

Martin.

Ah, sorry! I forgot to mention my OS:

XP Pro SP3 with OA Free / Avast! Antivirus Free

:)


The problem is that the free version doesn't allow you to tune up the rules.

If you trust a process, it generally has open access to all ports. That is what "trusted" usually means, among other things.


If you trust a process, it generally has open access to all ports. That is what "trusted" usually means, among other things.

Maybe, but there are firewall rules. The OP asked about them.


In standard mode if you edit a rule it will go back to default after reboot. I tried it once with uTorrent.

I'm not sure exactly what method you are using, but if you set up the firewall rules you want, then create a "Block all" firewall rule for that program, it only allows the existing rules you have previously created and silently blocks any other traffic for that program. It doesn't matter what mode you are running for this.

By "Block all", I mean, All ports, Both protocols and Both directions.


The problem is that the free version doesn't allow you to tune up the rules.

You can create or modify rules in the free version :)

If you want, you could try the rules for Firefox I posted. However don't forget to change the Loopback Interface port range if your OS is Win7/Vista and set the correct port for your AV if needed.

49152-65535 (Win 7/Vista - Loopback Interface)


You can create or modify rules in the free version :)

If you want, you could try the rules for Firefox I posted. However don't forget to change the Loopback Interface port range if your OS is Win7/Vista and set the correct port for your AV if needed.

49152-65535 (Win 7/Vista - Loopback Interface)

Hi Nick.

Two questions:

Where do I change the port range you gave me? Because I only see, in Options, a box to check or uncheck for Loopback Interface.

And what do you mean by "set the correct port for your AV if needed"? Do you mean set it in Firefox FW rules?

Regards,

Jose.

EDIT: Ignore this post. I've found the answers above in one of Nick's posts.


EDIT: Ignore this post. I've found the answers above in one of Nick's posts.

No problem. For your convenience I've just re-posted the basic rules for Firefox here, including also the port range related to Loopback in Win7 (as kindly highlighted by MMNC in his post):

1. Allow / TCP / Out

Ports: 80,443,1024-5000**,12080* --> Win XP

Or

Ports: 80,443,12080*,49152-65535*** --> Win7 / Vista

2. Deny / TCP / Out

Ports: 0-65535

**1024-5000 (Loopback Interface for Win XP)

***49152-65535 (Loopback Interface for Win7/Vista)

443 (https)

80 (http)

*12080 (Avast! Antivirus) - this port depends on the AV used. This only applies to AV software that filters web traffic acting like a proxy.

You may need additional ports, for example: 21 (FTP)
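The two-rule set above, modelled as an added example (not written by any poster in this thread and not Online Armor's own logic) to show what each port list allows and why the XP list must not be reused on Win7/Vista. It assumes rules are checked top to bottom with the first match deciding; the function names and the sample ports are constructed for illustration.

```python
# Added example: models the two-rule Firefox set from the thread.
# Assumption: rules are checked top to bottom and the first match decides.

def parse_ports(spec):
    """Turn '80,443,1024-5000' into a list of inclusive (low, high) ranges."""
    ranges = []
    for part in spec.split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def make_rules(allowed_spec):
    """Rule 1: allow TCP out to the listed ports. Rule 2: deny TCP out to 0-65535."""
    return [("allow", parse_ports(allowed_spec)),
            ("deny", parse_ports("0-65535"))]

def decide(rules, port):
    """Return the action of the first rule whose port ranges contain the port."""
    for action, ranges in rules:
        if any(low <= port <= high for low, high in ranges):
            return action
    return "no-match"

# Port lists exactly as posted; 12080 is the Avast! web proxy port from the thread.
XP_RULES = make_rules("80,443,1024-5000,12080")
WIN7_RULES = make_rules("80,443,12080,49152-65535")

# Constructed sample destinations: web, AV proxy, FTP, and one loopback port
# from each OS's range as given in the thread.
SAMPLE_PORTS = [80, 443, 12080, 21, 3000, 50000]

def compare(ports=SAMPLE_PORTS):
    """Map each port to its (XP rule set, Win7/Vista rule set) decision."""
    return {p: (decide(XP_RULES, p), decide(WIN7_RULES, p)) for p in ports}

if __name__ == "__main__":
    for port, (xp, win7) in compare().items():
        print(f"port {port:>5}: XP set -> {xp:5}  Win7/Vista set -> {win7}")
```

Port 21 is denied by both sets, which matches the note that FTP needs its own entry in the allow list.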
