Tutorial for Utorrent with Comodo Firewall 3

[Guest]

[draceena]

Ahh, thanks for the information on getting my MAC address, I was wondering how to do that...I will change my rule asap.

 

EDIT: Just because I am curious, I did try the other rules and didn't really see any difference between the two. I do have one question though. When I am running Utorrent the port is open. When I stop Utorrent, the port closes but does NOT stealth. Is there a way to automatically stealth the port in Comodo after using Utorrent?

[n2o]

Looks good, else this works fine:

1. In uTorrent settings->Connections, disable "Activate UPnP portmapping" and "Randomize port everytime uTorrent starts". Choose a port for incoming connections.

*snip*

This works with everything enabled in Attack Detection Settings.

If done right, you should be able to reach maximum download and upload speeds in uTorrent.

Cheers,
Ragwing

OMG thank you thank you thank you thank you !

spent the whole morning trying to get pandlouk's rules to work, but yours are just too simple and easy !

thanks again !! 

[comode]

Hi, Im using utorrent 1.7.7, and winxpsp2.

I followed the first post, edited march17 2008, exactly, but my torrents would not connect.
I then followed the ragwigs post, edited may06 2008, and now they connect fine.

Which one should I stick with, for security reasons, and why didn't the first method work, but second one did?

I use a static ip, via wireless router.

Thanks.

[arran777]

How to configure Comodo firewall 3 for utorrent.

1. Go to : Firewall -> Advanced -> Attack Detection Settings -> Miscellanous and disable  Do Protocol analysis

2. Go to : Firewall -> Advanced -> Predifined Firewall Policies and select Add...

Give a name at the new Predefined Policy for example: utorrent

Add the following rules:

Rule 1
Action = Allow
Protocol = TCP or UDP
Direction = In
Description = Rule for incoming TCP and UDP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = the port of utorrent

Rule 2
Action = Allow
Protocol = TCP
Direction = Out
Description = Rule for outgoing TCP connections
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 3
Action = Allow
Protocol = UDP
Direction = Out
Description = Rule for outgoing UDP connections
Source Address = Any
Destination Address = Any
Source port = the port of utorrent
Destination port = A port range = (start port = 1025 / end port = 65535)

Rule 4
Action = Ask (enable Log as a firewall event if this rule is fired)
Protocol = TCP
Direction = Out
Description = Rule for HTTP requests
Source Address = Any
Destination Address = Any
Source port = A port range = (start port = 1025 / end port = 65535)
Destination port = 80

Rule 5
Action = Block (enable Log as a firewall event if this rule is fired)
Protocol = IP
Direction = In/OUT
Description = Block and Log All Unmatching Requests
Source Address = Any
Destination Address = Any
IP Details = Any

3. Start utorrent. When Comodo asks you with a popup, choose Treat this application as select utorrent and enable Remember my answer.

Have a nice file sharing.

Additional Notes
If you have connectivity problems:
Go at Firewall -> Common Tasks -> Stealth ports wizard and select
Alert me to incoming connections- stealth my ports on a per-case basis

Because of a bug you must change the rule 4 (for HTTP requests) to allow. I hope this will be resolved with the next updates.

Panagiotis


If you have a router, you'll need to configure it for port forwarding:
http://portforward.com/english/routers/port_forwarding/routerindex.htm

1. Choose your router model (if it's not in the list, choose one from the same company)
2. Select the software (in this case, uTorrent)
3. Now follow the steps in the guide

Tweak to increase download speed

Ragwing


If you have just a modem, you may need to add a rule (above the last block all) to allow outgoing DNS requests such as:

Action = Allow
Protocol = UDP
Direction = Out
Description = Allow Outgoing DNS
Source Address = Any
Destination Address = Any (or your ISP's DNS server for extra security)
Source port = Any
Destination port = 53

=Soyabeaner

HI About  Rule number 4
Rule for HTTP requests

Can some one tell me What is rule number 4 for?? which is set to ask.

And if I do put this rule in How would should I answer to the pop up??

[kail]

HI About  Rule number 4
Rule for HTTP requests

Can some one tell me What is rule number 4 for?? which is set to ask.

And if I do put this rule in How would should I answer to the pop up??

pand's rules specifically prohibits uTorrent's use of, what are called, privileged ports (1 - 1024). Rule 4 is exclusion to that rule to allow uTorrent access to port 80 (a privileged port). uTorrent sometimes uses port 80 (HTTP) for accessing trackers.

If you see a pop-up & it is consistent with a Tracker site of an active download, then answer yes. Otherwise, if it's a normal torrent user who is using port 80 (which is really dumb), then you should say no.

Some people believe it is not necessary to exclude/control uTorrents use of priv ports, others do. Myself & pand are in the latter group.

[comode]

Hi, I would like to use pands rules, but they do not work for me, whereas ragwigs rules do. What is the main difference between the two that would allow one to work and the other not, as I'd rather be more secure (see 2 posts above)

Thanks.

[shin-ganda]

Hi, I would like to use pands rules, but they do not work for me, whereas ragwigs rules do. What is the main difference between the two that would allow one to work and the other not, as I'd rather be more secure (see 2 posts above)

Thanks.

just use rag' rules then.
i know a supercop who didn't use any specific rules for torrent app, he just choose "treat this app as trusted".
don't forget to open firewall/common tasks/stealth port wizard and choose:
"alert me to incoming connection-stealth my ports on per case basis"
to create global rule. 

[sean_691]

Hey guys im new to all this so please bare with me...
Padlouk I followed your steps to configuring the firewall with utorrent and everything went fine, i got the green light etc.
When I have gone on it today defense + keeps warning me that utorrent.exe is accessing the COM interface and the DNS/RPC Client Access. What do I select for these?  I selected trusted application. I started using utorrent and i was back to the orange warning light and when I had already fowarded my port yesterday (everything working fine) now the portfoward site is telling me my port is not open.
Sorry one last thing I forgot to add was that yesterday I had none of these defense + alerts. Can you please help me on what I need to do?
(Padlouks rules are already setup with the utorrent on the firewall configuration)

[sean_691]

Sorry guys ignore the post I found out what had happened and it was just a matter of configuring the stealth port on my firewall to a different mode.

[Wraith]

Forgive me if this has been covered somewhere in the thread, but well...15 pages; you know.

Couldn't we just go to Firewall-> Network security policy -> application rules, and then add all these rules to utorrent? Wouldn't that make them only active while running uTorrent (which I'd think would be ideal)?

[shin-ganda]

Forgive me if this has been covered somewhere in the thread, but well...15 pages; you know.

Couldn't we just go to Firewall-> Network security policy -> application rules, and then add all these rules to utorrent? Wouldn't that make them only active while running uTorrent (which I'd think would be ideal)?

YES 

[Comofo]

At one point*  I had µTorrent configured this way [application rules] but checked in on it one day and found that several rules [port specific] had been added to the list - this might have been due to my then-current firewall settings. I removed the excess rules and applied...after running µTor again they were back.
By creating a predefined policy I was ensuring this would not occur again...µ know?


*this was a while back and the details are somewhat fuzzy.

[shin-ganda]

µTorrent

question  : how do you type the "µ"

  yes, i know, sorry
oh, and 1 very basic question: do we really need those rules
i'm not sure, some ppl said we need specific rules for torrent app, but Vette said, he "treat utorrent as trusted" & never have any problem?
if those rules are really important (you don't use it, you're toast), then why CFP3 didn't make predefined ruleset for torrent app as well?
  these questions are not for me btw  since i have a very slow internet connection, i don't use torrent app.
but looking at several pages,many ppl asked similar question, they need RULES! and then they can't handle it. 

[Soyabeaner]

Ganda, you might want to check out Google.  It's the best search engine in the world.  I'll lend you a hand while we're at it in case you start asking the rest of the Greek alphabet.

There is obviously more than one way to set up rules for µTorrent, or anything program for that mater, even beyond Pan & Rag's rules.  Just look at mine: I got rid of Global Rules a while ago.

Of course anyone can treat µTorrent as trusted with no problems.  It's when you pick the opposite on the spectrum like Isolated Application that you can't use it at all .  This is refering to Defense+, not the Firewall setup here.  Pretty much all default Defense+ rules are untouched, while the rest of my programs are set as Custom.  Now what is Custom?  My particular setup is set to allow each specific action surrounding a program like uTorrent (as I receive the Defense+ alerts, which I haven't since the beginning when I launched uTorrent).  If you set uTorrent as Trusted, you're granting it to do almost anything --> this is for those who really trust uTorrent not to have any malicious code or activity and/or for the average Joe to not receive as many Defense+ alerts.

Why should CFP3 make a default Predefined Rule for torrent programs?  It wouldn't be realistic and it would be incomplete.  Now we're in the Firewall aspect here.  uTorrent or other p2p require the user to manually pick a listening port within its own application.  Let's say I pick port 12345, but how would CFP3 know?  I can either manually create these rules (like following the first post in this thread) or automatically creating them using the Stealth Ports Wizard to toggle Alert me to incoming connections (basically for P2P programs or ones you want to receive an alerting to incoming connection requests).  I think the option names in CFP3 are self-explanatory.  Even too long for me .  Predefined Rules are meant as basis so that they can used over and over again for more than one program.  I only have 1 P2P program and that's uTorrent.  Why would I need a Predefined Rule for it?  It's a waste of time for me.  One the other hand, as an example, I use the default Predefined Rule for Web Browser that CFP3 has created because I have multiple browsers.  Simple as that.

I see the same questions over and over again about the difference between Pan & Rag rules.  Let's put it this way: Rag is the standard one that most of us have been using since CFP v2.  Nothing wrong with that.  Pan is more secure in the sense that you and the other seeds or leechers cannot connect to each other on the Privileged Ports (# 0 to 1023 --> See Firewall > Common Tasks > My Ports Sets), which are supposed to be reserved for the common Windows services/processes like port 80 is for HTTP (browsers use this).  The reason why I use Rag rules is not just because it's easier and less steps, but because I found my download speeds dropped.  For tweakers, better go with Rag rules (and mine if you like to further tweak on ICMP rules).

Edit: Too late.  Kail summed it up better

[Josh123]

μTorrent

Wow! I did it 

Josh

[Tags:]