firewalls and localhost

[perl coder]

Do typical Windows firewalls (XP's build-in firewall, Zone Alarm, Black
Ice, etc.) concern themselves with localhost (127.0.0.1) traffic?

In other words, say I'm writing a system service that opens TCP port
12345 on localhost only, so *local* users can connect and interact
with the service over local TCP/IP sockets. I want my application to
be as hassle-free as possible for most users. I don't want them to have
to open up ports on their firewall (which, from what I understand, WinXP
now enables by default).

Note: I'm not talking about spoofed packets (ie, packets with source
address 127.0.0.1 that are arriving from a network interface). I'm just
wondering how Windows firewalls handle *true* localhost traffic.

 

[perl coder]

Chris Palmer said:

I'm almost positive Windows ICF and ZoneAlarm can't be configured to
block localhost traffic from the user interface.

This is good news. Can anyone confirm this?

I have used Unix OS's and created firewall rulesets that do block
localhost traffic for hardening purposes.

That's exactly the scenario I'm concerned about. If most machines are
so hardened that they block localhost by default, then my application
can't run unless the user takes the trouble to open up TCP 127.0.0.1:12345.

I presume you're aware that localhost traffic is normally used for
applications/processes that use sockets to communicate with other
applications/processes on the same host; as well as for network
loopback testing purposes.

Yup. I would have prefered to use a named pipe instead (thereby
bypassing any firewall issues), but that would mean splitting the
codebase (different named pipes for Windows and Unix). Since sockets
are more portable, I'd like to use them. But only if it's not too
much hassle for the users...