Author Topic: About default network rules created in CPF 2.3.3.33...  (Read 2684 times)

Offline TerDale

  • Comodo Member
  • **
  • Posts: 29
About default network rules created in CPF 2.3.3.33...
« on: August 17, 2006, 06:26:43 PM »
I wonder why, among the default network rules created by the latest CPF beta, there are the 2 following:
- "allow ICMP in from [any] to [any] where ICMP message is fragmentation needed"
- "allow ICMP in from [any] to [any] where ICMP message is time exceeded"
?

Is this a kind of typo  ;), or is this deliberate? If this is the latter, could you elaborate?

BTW, I changed "allow" to "block" for both of them for the time being.

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: About default network rules created in CPF 2.3.3.33...
« Reply #1 on: August 17, 2006, 08:24:32 PM »
From what I can remember, there were a lot of people that were experiencing certain web-sites not loading (or not loading fully) unless certain ICMP rules were created... these then became default rules in the new beta.
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline TerDale

  • Comodo Member
  • **
  • Posts: 29
Re: About default network rules created in CPF 2.3.3.33...
« Reply #2 on: August 18, 2006, 05:11:10 AM »
Thanks m0ng0d, but could you (or anyone else) elaborate a bit with technical details? It is really unclear to me why such rules would be needed...

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: About default network rules created in CPF 2.3.3.33...
« Reply #3 on: August 18, 2006, 03:14:58 PM »
Quote from TerDale:
"Thanks m0ng0d, but could you (or anyone else) elaborate a bit with technical details? It is really unclear to me why such rules would be needed..."

The 1st ICMP rule is there because some routers send you this ICMP message and your PC behaves accordingly. Otherwise, some sites requiring fragmentation on their routes will not be shown correctly, like Windows Update routes.

The other one is about allowing you to be able to do tracerouting. You can live with/without those rules safely.

Offline RejZoR

  • Comodo's Hero
  • *****
  • Posts: 1172
Re: About default network rules created in CPF 2.3.3.33...
« Reply #4 on: August 19, 2006, 07:59:48 AM »
So if I understand correctly egemen, ICMP Time Exceeded is only for routers while ICMP Fragmentation Needed is required by some webpages? I'm asking again because you said the 1st one is for routers but the first one mentioned by TerDale is Fragmentation Needed, which is also mentioned for Windows Update (and other webpages).

Offline egemen

  • Comodo Staff
  • Comodo's Hero
  • *****
  • Posts: 3380
Re: About default network rules created in CPF 2.3.3.33...
« Reply #5 on: August 19, 2006, 07:31:14 PM »
Quote from RejZoR:
"So if I understand correctly egemen, ICMP Time Exceeded is only for routers while ICMP Fragmentation Needed is required by some webpages? I'm asking again because you said the 1st one is for routers but the first one mentioned by TerDale is Fragmentation Needed, which is also mentioned for Windows Update (and other webpages)."

No no. Both of them are for the personal computer. "traceroute" is a command you can issue from the command line.
For example: "tracert www.comodo.com" will show you the route to the www.comodo.com server. Without the time exceeded rule, it will not work.

Offline TerDale

  • Comodo Member
  • **
  • Posts: 29
Re: About default network rules created in CPF 2.3.3.33...
« Reply #6 on: August 21, 2006, 05:52:29 AM »
Thanks egemen for these clarifications.
Indeed, for the 2nd one (time exceeded) I suspected this was related to ping/tracert stuff, but I was not strict enough and tested only with ping, for which I didn't notice any side-effect while blocking the rule. Now, testing with tracert makes it clear.
Thanks a bunch  :)
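
The two rules discussed in this thread, as an added example that is not part of the original posts or of Comodo's code: a Python filter that accepts inbound "fragmentation needed" (type 3, code 4) and "time exceeded" (type 11) messages only when the datagram they quote matches a tracked outbound flow. The flow-matching check goes beyond the plain allow rules described above; `classify`, the flow-table layout and all addresses (documentation ranges) are assumptions, and the sample packets are constructed.

```python
import socket
import struct

FRAG_NEEDED = (3, 4)   # Destination Unreachable, "fragmentation needed" (RFC 1191)
TIME_EXCEEDED = 11     # Time Exceeded, the reply tracert depends on

def ipv4(src, dst, proto, payload):
    """Constructed sample data: minimal 20-byte IPv4 header (checksum 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icmp_error(router, local, icmp_type, code, mtu, original):
    """Constructed sample data: ICMP error quoting the original header + 8 bytes."""
    body = struct.pack("!BBHHH", icmp_type, code, 0, 0, mtu) + original[:28]
    return ipv4(router, local, 1, body)

def classify(packet, local_ip, outbound_flows):
    """Return (verdict, reason) for one inbound IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:
        return "block", "not ICMP or truncated"
    icmp_type, code, _, _, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != FRAG_NEEDED and icmp_type != TIME_EXCEEDED:
        return "block", "ICMP type/code outside the two rules"
    quoted = packet[ihl + 8:]
    q_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if q_ihl < 20 or len(quoted) < q_ihl + 8:
        return "block", "quoted original datagram missing"
    proto = quoted[9]
    src, dst = socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20])
    # TCP/UDP: destination port is bytes 2-3 of the quoted transport header
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0] if proto in (6, 17) else 0
    if src != local_ip or (proto, dst, dport) not in outbound_flows:
        return "block", "quoted datagram matches no outbound flow"
    if icmp_type == TIME_EXCEEDED:
        return "allow", "hop reply for probe to " + dst
    return "allow", "path MTU towards %s is %d" % (dst, mtu)

LOCAL = "192.0.2.10"
FLOWS = {(6, "198.51.100.20", 443), (1, "198.51.100.20", 0)}  # tracked outbound flows
tcp_seg = ipv4(LOCAL, "198.51.100.20", 6, struct.pack("!HHI", 50000, 443, 1))
echo = ipv4(LOCAL, "198.51.100.20", 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
stray = ipv4(LOCAL, "198.51.100.99", 6, struct.pack("!HHI", 50001, 80, 1))
SAMPLES = {
    "frag_needed": icmp_error("203.0.113.1", LOCAL, 3, 4, 1400, tcp_seg),
    "time_exceeded": icmp_error("203.0.113.1", LOCAL, 11, 0, 0, echo),
    "unsolicited": icmp_error("203.0.113.1", LOCAL, 3, 4, 576, stray),
    "echo_request": ipv4("203.0.113.1", LOCAL, 1, echo[20:]),
}
```

Calling `classify(SAMPLES[name], LOCAL, FLOWS)` for each sample shows the two message types being accepted for tracked flows, while the unsolicited fragmentation-needed message and the inbound echo request are blocked.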

 
