I need to add a rule in the firewall so that my self-hosted HTTP web service can receive requests. However, whenever I add a rule which specifies the program or service that is doing the hosting, client requests are blocked.
Netstat reveals that the PID listening on that port is 4 (SYSTEM). I do not want to open the entire port for any call to SYSTEM, I would like to restrict the calls to the specific program / service which is performing the hosting. Can anyone provide some insight on how I can accomplish this?
    netstat -ano
    TCP 0.0.0.0:1234 0.0.0.0:0 LISTENING 4
    TCP [::]:1234 [::]:0 LISTENING 4
Here is a bare-bones example (the actual hosting library was ASP.NET MVC 4 Web API, but I have found that it is also true with the original WCF Web API and just regular WCF services). I tried opening the service host on its own thread, but that had no effect. What is odd is that when I write the PID to the console it is the program's PID, but netstat still reports that it is listening as PID 4.
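    using System;
    using System.Diagnostics;
    using System.Threading;
    using Microsoft.ApplicationServer.Http; // HttpServiceHost (WCF Web API preview)

    class Host
    {
        // HelloWorldService is the poster's own service class (not shown here).
        private static HelloWorldService service;

        static void Main()
        {
            // Open the service host on its own thread.
            Thread HostingThread = new Thread(OpenHostingThread);
            HostingThread.Start();
            Console.WriteLine("Server Running...");
            Console.ReadLine();
        }

        static void OpenHostingThread()
        {
            service = new HelloWorldService();
            HttpServiceHost host = new HttpServiceHost(service, "http://localhost:1234");
            host.Open();
            // Prints this program's PID, while netstat reports PID 4 for the port.
            Console.WriteLine(Process.GetCurrentProcess().Id);
        }
    }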
The Web API uses HTTP, not TCP, as its transport. By default, only an administrator is allowed to start listening on HTTP endpoints. If you want another user to do so, you need to use netsh on Windows 7/2008 or httpcfg on Windows XP/2003.
See Configuring HTTP and HTTPS
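
The netsh steps the answer points to, written out as an added example that is not part of the original answer. On Windows 7/2008 the HTTP.sys driver owns the listening socket on behalf of the host program (hence PID 4), so the URL reservation controls which account may register the prefix and the firewall rule is scoped to the System process, the port and the client addresses. The account name, subnet and rule name are constructed placeholders; only port 1234 comes from the question.

```powershell
# Run from an elevated PowerShell prompt on Windows 7 / Server 2008 or later.
$port    = 1234                      # port from the question
$url     = "http://+:$port/"         # strong wildcard: any host name on this port
$account = 'CONTOSO\svc-helloworld'  # placeholder: account the host program runs as
$subnet  = '192.168.10.0/24'         # placeholder: clients allowed to connect
$rule    = "HelloWorld-HTTP-$port"   # placeholder rule name

# 1. Reserve the URL prefix for one account. Without a reservation only an
#    administrator can register the prefix with HTTP.sys; with it, only
#    administrators and $account can.
netsh http add urlacl url=$url user=$account

# 2. Check the reservation and who holds it.
netsh http show urlacl url=$url

# 3. Allow inbound traffic. A rule naming the host .exe never matches because
#    the socket belongs to System, so name System and narrow the rule by
#    port and remote address instead of opening the port to everyone.
netsh advfirewall firewall add rule name=$rule dir=in action=allow `
    protocol=TCP localport=$port program=System remoteip=$subnet

# 4. Review the rule, then confirm the listener is still reported under PID 4.
netsh advfirewall firewall show rule name=$rule
netstat -ano | Select-String ":$port\s"

# To undo:
#   netsh advfirewall firewall delete rule name=$rule
#   netsh http delete urlacl url=$url
```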