For this traffic, you would need to have:
Remote IP: 127.0.0.1
Source IP = Remote Network, since this is Inbound traffic. I suspect your Loopback rule allows Local Network 127.0.0.1 (as that's the rule from the HIPS Catalog), which doesn't apply to this blocked traffic.
FYI, the HIPS Catalog rule uses 127.0.0.1 and ::1 only. I've seen applications use any number of different IPs in the 127.x.x.x range. You'll need to adjust your Loopback rule according to any blocked network traffic in the 127.x.x.x range, if necessary.
Thanks, this actually seems to work. I tried this a couple hours ago, and rebooted a few times, and sure enough, I got traffic to pass with a "reversed" loopback rule.
I'm trying to understand why this rule is needed, though. It seems like the loopback rule from the KB would have sufficed, since the source traffic was still 127.0.0.1. Wouldn't this have counted as the local network? Or, is this reversed because the traffic was inbound?
Should the KB be updated to include this caveat? This seems like it applies to that same situation.
Would HIPS 7 have treated this traffic any differently? I recall that HIPS 7 had these loopback rules built in by default.