The Firewall function is to monitor all network traffic and to alert when something irregular is going in or out of a computer to another computer on the a LAN or to the Internet in particular. As it is, BOINC is made up of 4 components who talk to each other internally over the so-called *LocalHost* which always employs IP 127.0.0.1 and utilizing the Remote Procedure Call or in short RPC protocol. RPC uses the BOINC designated port 31416 (was 1043) and a second, randomly assigned port in the range 1038-5000. These 4 components that can be active are.

• BOINCmgr.exe, the GUI Manager
  
• BOINC.exe, the Core Client or Daemon (Will show as "World Community Grid - BOINC Agent" in Task Manager when using the WCG install package)
  
• BOINCcmd.exe, the command line tool (mostly used on Linux)
  
• boincscr.exe, the screensaver engine (newer clients, not Linux)
  
• boinc.scr, the screensaver

This RPC traffic over LocalHost NEVER leaves the computer EXCEPT if the BOINC client actually needs to report work or retrieve new tasks or e.g. to update the local profile with changes made on the website. In normal use, then, both processes will be on the same computer, and the address that is connected to is the special "Loopback" address aka LocalHost. This works whether there is an Internet connection or not. The data goes from one process to the networking layer of the operating system and the operating system sends it straight back to the other process.

What is observed by firewalls like Zone Alarm, Sunbelt Personal Firewall and others makes is the continuous exchange of the process status. This is a once per second communication of the BOINCmgr or BOINC Screensaver with the BOINC daemon who in turn listens for the sciences *heartbeat*, checking that all is fine and exchanging status info. If an event occurs, it is recorded in various BOINC logs which entries can be viewed in the BOINCmgr GUI, Message Tab.

Given that Software firewalls do not distinct between LocalHost/Loopback traffic and regular LAN and Internet communication, they tend to continuously blink in the System Tray. It is perfectly safe to ignore. Depending on the brand, exemptions can be set to ignore this traffic complete and even exclude it from system activity recording. Often, the first time BOINC or one of its components is started, the Firewall gives an alert through a pop-up window like the example above. At that time give it a permanent exemption.

That there is no traffic going outside the computer except for the fore-mentioned work and update interactions with the projects servers can be verified. Disconnecting the computer from the Internet and or LAN will confirm this.

Considering the wide variety of software firewalls used, the documentation needs to be consulted for the how-to specifics. An IP group could be added for BOINC to only be allowed to talk over localhost 127.0.0.1 and the project IP's as for WCG's 198.20.8.241 & 198.20.8.246, and outbound ports 80(HTTP) + 443(HTTPS) and the earlier noted ports for the localhost traffic. By adding the project IP's for whatever Distributed Computing Project the client is attached to, you are further assured that BOINC could never interact, but with the projects a user trusts.

More help on a few common firewalls and their required setup can be found here .