224.0.0.1 / Allow or Block?

I am finding a lot of IGMP inbound violations from 224.0.0.1

Should I allow it?

I also have some IGMP traffic from the same address, it is used for communication between the router and all the other computers in the same network. I’ve made a rule to allow it, but I only have outbound, not inbound.
I would probably allow it, but I’m not 100% sure. Maybe you should wait for someone more experienced to answer :slight_smile:

Many Windows processes/services, along with various applications use IGMP to communicate. By default, CPF’s rules do not explicitly allow it.

Here’s my take on that, as with any type of traffic (IP Protocol). If you don’t need it, why allow it? We are all aware that Windows has plenty of security holes/issues, and since these things happen in the background (without the user’s specific knowledge or consent), this could be a security issue.

That does not mean that it is a security issue; just that it could be, as you don’t specifically know what the communication entails. If your applications are working without problem, then what’s the point in allowing it? If you have a problem with connecting, or with an application connecting, and the logs (and research into that application) seem to indicate that the Protocol is needed, then you can create a specific network rule to allow that, so that the application can communicate.

Hope that helps,

LM

I have a rule for it.
It looks like this.
It is in my network.

Action : Allow
Protocol : IP
Direction : In
Source IP : Zone
Destination IP : 224.0.0.1
IP Detail : IGMP

Why did you choose “zone”?

I have a router and then you should make a trusted network.
For me, it’s all internal in my network zone, because it’s the router that sends out these IGMP alerts.
It’s necessary if you want to use streaming audio/video.
I have a setting in my router, so I can turn the IGMP off if I want.

Ok, so you have another computer, which you may want to allow IGMP?

Yes, there are 4 computers in my network.
Do you use a router?

Hi guys,
My log is full of this message as well.

Desc: Inbound Policy Violation (Access Denied, Protocol=IGMP)
Protocol: IGMP Incoming
Source: 10.49.160.1
Destination:224.0.0.1
Reason=Network Control Rule ID=5

The source and destination are always exactly the same as above. I get that logged every minute.
I have a single computer connected to internet via ethernet adapter thru a cable modem.
This does not stop any application from running (so far) so it did not worry me. But my log is being filled up with this. If it is not necessary, is there a way to stop this logging?

Aowl mentioned that it is necessary for streaming audio/video. Is there any way for me to test that?
I can watch live tv shows or movie trailers from realplay site, etc. Is that what you mean by streaming video? Pardon my ignorance again.

Thanks
Hilmi

I meant streaming on my network.
Sometimes I’ve heard that it’s needed for msn messenger and some other Windows apps, but you can try to make the rule I made in a previous post, and change it to block. Put “Any” where I wrote zone. Put the rule right above the default block rule.
If you get problems with something just put allow in it, and see if it works.

When you make the block rule that AOwl mentioned, do not check the box “Create an alert…” that way it won’t log the rule’s activity.

LM

Just to make sure what I’ve done is correct, this is the rule I created:
Block Ip In Any 224.0.0.1 IGMP.
Unchecked the show alerts from this rule.
Now it is still blocking and not logging any events for this event.
(It is the 5th rule now in the default rules as I have not created or edited any rules)

As I understand, we put this rule only to be able to stop logging the alert from this event. Is that correct?

Thanks

P.S. As I am new to firewalls and would like to learn and understand it, I may have more questions to ask regarding logs, connections or how it works in general. Is there a common topic for this? I do not want to create a new topic for every question I may have. I try searching firstly but sometimes it takes a while to find what you really want.

I really enjoy CPF and the support from the forums. It’s great and keep it up Guys.

Hilmi

Hilmi,

First, with the addition of that rule, you should have a total of seven network rules. The default rules created by an Automatic installation will number from Rule ID 0 to Rule ID 5 (thus, six rules). Here’s a link that gives all the basic network rule setups: https://forums.comodo.com/index.php/topic,5340.0.html

Here’s one on understanding and creating network rules (I highly recommend this one): https://forums.comodo.com/index.php/topic,1125.0.html. This was written initially for an older version of CPF; some of the language is different, but the theory is the same.

Here’s one to help understand how the rule structure in CPF works (Network, Application, Component): https://forums.comodo.com/index.php/topic,5372.0.html

Second, yes, the addition of that rule is simply to block the IGMP traffic before it gets to the bottom Block & Log rule (it should be above that bottom block rule). By not setting this new rule to Log, you can keep the activity log from being filled up with all those entries relating to blocked IGMP.

Third, yes there is a recommended place to start. It’s right here: https://forums.comodo.com/index.php/topic,894.0.html This is the compiled “FAQ” page of common issues, with subjects and links to topics addressing those issues. If you have a question, chances are good you will find an answer here. If you need clarification, just post a question on the relevant thread. (Note: the three links I provided above all come from within this page).

This is within the overall FAQ section of the firewall forum, here: https://forums.comodo.com/index.php/board,32.0.html

Hope that helps you.

LM
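
Added example, not part of the original thread and not CPF's own code: a simplified first-match model of the rule ordering discussed above, showing why the unlogged IGMP block rule has to sit above the bottom Block & Log rule. The `Rule` and `Packet` types, the default-block fallback and the second (TCP) packet are assumptions made for illustration; the IGMP packet uses the addresses from the log entry quoted in the thread.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass

# 224.0.0.0/24 is the link-local multicast block; 224.0.0.1 is "all hosts"
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")
Packet = namedtuple("Packet", "direction protocol src dst")

@dataclass(frozen=True)
class Rule:
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "any"
    protocol: str    # "igmp", "tcp", ... or "any"
    src: str         # CIDR or "any"
    dst: str         # CIDR or "any"
    log: bool        # models the "create an alert" checkbox on a rule

def _addr_match(pattern, addr):
    return pattern == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def matches(rule, pkt):
    return (rule.direction in ("any", pkt.direction)
            and rule.protocol in ("any", pkt.protocol)
            and _addr_match(rule.src, pkt.src)
            and _addr_match(rule.dst, pkt.dst))

def evaluate(rules, pkt):
    """Return (action, logged, rule_index) for the first matching rule, top to bottom."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, rule.log, i
    return "block", True, None  # assumed fallback when no rule matches

def is_link_local_multicast(addr):
    return ipaddress.ip_address(addr) in LOCAL_CONTROL

BLOCK_AND_LOG = Rule("block", "any", "any", "any", "any", log=True)
SILENT_IGMP = Rule("block", "in", "igmp", "any", "224.0.0.1/32", log=False)
# Packet taken from the log entry quoted in the thread
IGMP_QUERY = Packet("in", "igmp", "10.49.160.1", "224.0.0.1")
# Constructed unrelated inbound packet (documentation address range)
OTHER = Packet("in", "tcp", "203.0.113.7", "10.49.160.20")

if __name__ == "__main__":
    orders = {"bottom rule only": [BLOCK_AND_LOG],
              "silent rule above": [SILENT_IGMP, BLOCK_AND_LOG],
              "silent rule below": [BLOCK_AND_LOG, SILENT_IGMP]}
    for name, rules in orders.items():
        print(name, evaluate(rules, IGMP_QUERY), evaluate(rules, OTHER))
```

In this model the silent rule only suppresses the IGMP entries: any other blocked inbound traffic still falls through to the bottom rule and is logged.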

Thanks LM.
Bother you again soon!!!

Hilmi