Comodo Firewall is blocking ARP, and the IPs are the same and from my modem. How do I add a rule to the firewall to allow


Hello sbear2000, I too receive these blocked action alerts, and so far it has only been for IPs over the networks my particular system is on at the time. For example, at home, it is usually the IPs of phones, devices, game consoles, or other PCs that connect to the network and cause these blocked actions on the systems I am using at the same time.

I believe it is due to the fact I use the (Enable anti-ARP Spoofing) function, listed in the advanced section of the general firewall settings area.

[From the user guide] → Enable anti-ARP spoofing - A gratuitous Address Resolution Protocol (ARP) frame is an ARP Reply that is broadcast to all machines in a network and is not in response to any ARP Request. When an ARP Reply is broadcast, all hosts are required to update their local ARP caches, whether or not the ARP Reply was in response to an ARP Request they had issued. Gratuitous ARP frames are important as they update your machine’s ARP cache whenever there is a change to another machine on the network (for example, if a network card is replaced in a machine on the network, then a gratuitous ARP frame informs your machine of this change and requests to update your ARP cache so that data can be correctly routed). However, while ARP calls might be relevant to an ever-shifting office network comprising many machines that need to keep each other updated, it is of far less relevance to, say, a single computer in your home network. Enabling this setting helps to block such requests - protecting the ARP cache from potentially malicious updates (Default = Disabled).

I have found either disabling this function, or adding IPs of devices you know and trust to your Network Zone prevents this action from happening. I do NOT do this however, and only did this to test the action. I’m not sure how this affects my systems, and I’m not sure of a safe way to permit known systems to communicate amongst each other this way without opening up the blocking system to the rest of the network more than I would like to.

I just wanted to post this so you would know you are not alone in this, and maybe someone else has a suggestion for those of us experiencing this.
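
Added example, not part of the posts above and not Comodo's implementation: a minimal sketch of the rule the quoted user guide passage describes, where an ARP reply updates the cache only if this host had requested that address. The `ArpFilter` and `build_arp` names and all MAC and IP values are constructed for illustration.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4: htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ARP_FMT = "!HHBBH6s4s6s4s"

def build_arp(op, sha, spa, tha, tpa):
    """Pack a constructed ARP payload (sample input only; nothing is sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

class ArpFilter:
    """Hypothetical filter: accept a reply only if this host asked for it."""
    def __init__(self):
        self.pending = set()  # IPs this host has sent an ARP request for
        self.cache = {}       # IP -> MAC, updated only by accepted replies

    def sent_request(self, ip):
        self.pending.add(ip)

    def inspect(self, payload):
        if len(payload) < struct.calcsize(ARP_FMT):
            return "drop: truncated"
        htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack_from(ARP_FMT, payload)
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            return "drop: not Ethernet/IPv4 ARP"
        if op == 1:
            return "allow: request"
        if op != 2:
            return "drop: unknown opcode"
        sender, mac = socket.inet_ntoa(spa), sha.hex(":")
        if sender in self.pending:
            self.pending.discard(sender)
            self.cache[sender] = mac
            return "allow: solicited reply"
        # Sender IP == target IP is the usual shape of a gratuitous announcement.
        kind = "gratuitous" if spa == tpa else "unsolicited"
        if self.cache.get(sender) not in (None, mac):
            return f"block: {kind} reply would change cached MAC"
        return f"block: {kind} reply"

if __name__ == "__main__":
    f = ArpFilter()
    f.sent_request("192.168.1.1")
    # Constructed frames: the router answering us, then a phone announcing itself.
    print(f.inspect(build_arp(2, "aa:bb:cc:00:00:01", "192.168.1.1", "aa:bb:cc:00:00:10", "192.168.1.10")))
    print(f.inspect(build_arp(2, "aa:bb:cc:00:00:22", "192.168.1.23", "ff:ff:ff:ff:ff:ff", "192.168.1.23")))
```

The second frame is the kind of announcement a phone or console sends when it joins the network, which is why a filter of this shape reports blocked actions for ordinary home devices.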