Hello,

I´ve created two rules for kerio, since I receive many connections from these two addresses, and maybe they are not legit,

remote: 127.0.0.1
direction both deny

remote 255.255.255.255
direction both deny

there was a day I received the connection from the remote address 255.255.255.255, continously, and I thought that it was not very normal

and for the 127.0.0.1, I get it mostly when I connect to a web browser, mozilla or ie,

notice that they are remote connections, not local, is for that reason that I have denied, since I know that they are internals addresses from the pc

am I doing right creating these rules?

Thanks and greetz

I would allow both these rules .

Loopback rules (127.0.0.1) are required by many applications (i.e Firefox, Internet Explorer, etc). Although this address appears as remote, it will only appear from your computer (not another computer). When creating a loopback rule, remember to remove the port number (as this will change often).

Your second rule (255.255.255.255) is some kind of broadcast. Guessing, I would say from a DHCP server. Do these ports appear as 67 and 68? If so, then I would allow (as this gives you your IP address). If not, post back with the port numbers.

Hope this helps.

so then these connections when I open firefox are correct?

local point: 0.0.0.0:1159 remote: 127.0.0.1, port 1158 outgoing tcp
local point 0.0.0.0:1161 remote:127.0.0.1, port 1160 outgoing tcp

The strange thing is that the 255.255.255.255 address sometimes doesn´t show at all, and many times shows in the right moment I connect, I connect through a modem not by a router, so I´m not sure if in this case I connect throuht a DHCP server...... I guess that this connection from 255.255.255.255 would have to show every time I connect, and in ocassions doesn´t show at all

well, I´m going to remove that rule denying loopback then, thanks for answering

I see, then I´m using DHCP, since my ip is dinamic

Thanks for your help