问题
Does a firewall running on a machine only block stuff from outside that machine, or do they block communication between processes on a machine communicating via ports?
Specifically, I'm writing a windows service which will expose an http RESTful service for other processes on the machine. The service will be running on a non-standard port in the dynamic/private range - ie not port 80 or similar. Do I need to worry about any firewall that might be running on the machine?
This will be deployed only to windows machines - but I guess it's a general question.
(Asked earlier on SF but perhaps this is more of a dev-focused question)
回答1:
Firewalls usually block network calls based on protocol(tcp, udp, http, etc), port, and/or ip. So if you have a local process making a tcp/ip call to your loopback address (127.0.0.1) then yes the firewall could be affecting the local process.
To be more specific to your question, most firewall programs should be configured to only allow specific address and ports and block everything else. So I would think you should consider this in your design.
回答2:
It depends on the firewall, but it's now very common to monitor (and intervene) processes in and out going.
Yes, you should plan for the likelihood that any activity over ports (UDP and TCP) is being monitor and potentially blocked depending on settings.
回答3:
I think it affects the local process too. As somedays back i tries running a process and the firewal prompted me whther to allow the process which is trying to access the port. So you need to take care of it.
来源:https://stackoverflow.com/questions/3800527/does-a-firewall-on-a-machine-only-block-stuff-from-outside-the-machine-or-also-f