Using localhost TCP/IP communication in a program - always safe?

windows linux networking firewall tcpip
8,182

Solution 1

  • Traffic to 127.0.0.0/8 and to ::1/128 is processed internally by the TCP/IP stack. It doesn't reach the physical network card and never leaves the computer, so it cannot be blocked by corporate firewalls.

  • Since loopback sockets are very common for IPC, good firewalls should never block it. (Windows Firewall doesn't.) However, there are some overly paranoid ones... In such cases, though, I would blame the firewall, not your software.

  • On Unix, it is possible to (accidentially) bring down the loopback interface (usually lo). Again, this is highly unusual.

  • Instead of a hardcoded port, socketpair() should be used when applicable, to avoid port collisions.

  • Even better would be to use Unix sockets on Linux and named pipes on Windows.

Solution 2

All these OSes support running firewall software. These could block localhost connections, although that's not very usual (in my experience).

There are lots of applications/services that do this. Just try running netstat -an on your box: chances are you will see quite a few applications with open listening sockets on 127.0.0.1.

I don't know of user settings that could prevent this from working on Linux. No idea for Windows. But again, this is a common technique.

Share:
8,182

Related videos on Youtube

Eli Bendersky
Author by

Eli Bendersky

Blog Github

Updated on September 18, 2022

Comments

  • Eli Bendersky
    Eli Bendersky almost 2 years

    I have an application which is separated into several parts (processes) communicating over TCP/IP, using a pre-defined port on localhost.

    Is this always safe? Can some kind of a firewall (corporate, locally installed, Windows firewall, etc.) block this traffic? Or can some user settings in the OS block this traffic?

    The OSes I'm interested in are Windows (XP through 7) and Linux (Ubuntu, Red Hat Linux, and SUSE).

    • CreeDorofl
      CreeDorofl over 13 years
      I'm not sure if you're trying to prevent the traffic or make sure the traffic goes through? Traffic going through a specific port can always be blocked, if someone volunteers to do so.
    • Eli Bendersky
      Eli Bendersky over 13 years
      @CreeDorofl: make sure it goes through

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How do I view the TCP Send and Receive Queue sizes on Windows?
TCP/IP Forwarding in Windows Vista and Above
How do I share internet with Windows from my Linux box?
nc both fails and succeeds
TCP connect: No route to host
Unable to connect to samba shared folder via windows
Why Windows Firewall does not block outgoing traffic?
Linux to Windows ping
How to use iptables to allow traffic only through ONE SPECIFIC VPN
How to use FQDN in firewall rules for GNU/Linux?