This is a Default setting, wonder why it is Block? Thx.
That rule blocks any unsolicited attempts to communicate with your system that you do not have an Application rule for. Without it, your system will be wide open & accept any inbound/outbound communications.
Thx for the explanation… Appreciate it. C-O-M-O-D-O still Rules, in my System. It is a Keeper alright, though a bit complicated for beginners.
Don’t you still need to create a network rule (inbound) to be prompted for an application rule?
Slightly OT from the original question. If you use a program where inbound connection attempts may appear unsolicited (like a Torrent client or a game), then you might need to create rules to allow those connection attempts. I say might, since some applications open the ports & listen for these connection attempts.
What does “OT” mean? ???
OT = Off Topic
I’m a Mod… I’m not allowed to let topics go OT, and as for posting OT myself, well… Doh! I’ve done it again. ;D
In a nutshell, rules 0 - 4 are for what you have said IS allowed to go out and play. Rule 5 is for everything else. Assuming that all of your normal applications can communicate adequately using rules 0 - 4, then the bad stuff or the unknown, unproven stuff gets caught by rule 5 and you’re alerted.
It’s always a good idea to have a catch-all blocking rule as the last in the rules list - not just with CPF, but with any firewall.
Hope this helps,
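
The rule ordering described in the post above, as an added example that is not part of the original thread and is not CPF's own code: rules are checked top to bottom, the first match decides, and a final catch-all block rule catches and counts everything else. The contents of rules 0 - 4, the packet fields, the port numbers and the addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

ANY = "*"

@dataclass(frozen=True)
class Rule:
    action: str         # "allow" or "block"
    proto: str          # "tcp", "udp" or ANY
    direction: str      # "in", "out" or ANY
    port: object = ANY  # remote/destination port, or ANY

    def matches(self, pkt):
        wanted = (("proto", self.proto), ("direction", self.direction), ("port", self.port))
        return all(want == ANY or want == pkt[field] for field, want in wanted)

    def is_catch_all(self):
        return (self.proto, self.direction, self.port) == (ANY, ANY, ANY)

# Constructed rule set: the thread does not list what rules 0 - 4 contain.
RULES = [
    Rule("allow", "tcp", "out", 80),    # rule 0
    Rule("allow", "tcp", "out", 443),   # rule 1
    Rule("allow", "udp", "out", 53),    # rule 2
    Rule("allow", "tcp", "out", 25),    # rule 3
    Rule("allow", "udp", "out", 123),   # rule 4
    Rule("block", ANY, ANY),            # rule 5: catch-all block
]

def evaluate(rules, pkt):
    """First match wins. Returns (rule_index, action), or (None, None) if no rule matched."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return index, rule.action
    return None, None

def ends_with_catch_all_block(rules):
    """Check that the last rule in the list blocks everything not matched earlier."""
    return bool(rules) and rules[-1].action == "block" and rules[-1].is_catch_all()

def blocked_by_last_rule(rules, packets):
    """Count packets caught by the final rule, grouped by (remote address, proto, direction)."""
    last = len(rules) - 1
    return Counter((p["remote"], p["proto"], p["direction"])
                   for p in packets if evaluate(rules, p)[0] == last)

# Constructed traffic: one allowed web request, then repeated inbound UDP from one address.
PACKETS = [{"remote": "192.0.2.10", "proto": "tcp", "direction": "out", "port": 443}] + \
          [{"remote": "198.51.100.1", "proto": "udp", "direction": "in", "port": 1026}] * 4
```

Grouping the rule 5 hits by remote address gives the same picture as reading the log by hand: one address, one protocol, one direction, repeated.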
I’ve got a question that kind of relates to this rule. I’ve noticed when I look in the log I see these incoming UDP protocols that are being blocked by rule 5 every 5 seconds or so. They’re from the same IP every time and I’m pretty sure about the IP they’re being sent from. I just started noticing this today, and I was wondering if there was any way I could get some answers on what to do?
Getting the answers depends to a large extent on adequately describing the problem.
What do you mean when you say “I’m pretty sure about the IP”? Do you mean “I know that address and the traffic from it is OK” or do you mean “I’m certain of the address, but uncertain of its intentions”?
Do you run P2P software, and if so, have you configured a rule for this?
Is it possible that this is a port scan/probe, looking for vulnerabilities?
If you can provide more concrete details, we might have a shot at providing a more concrete answer.
Hope this helps,
Hey, thanks for the reply. To answer your question, yes I’m pretty sure the IP is from my modem or my ISP. I don’t use P2P so it’s nothing to do with that. Is there a way that I can post this activity to give you a better understanding of what’s going on? Another question I have is should svchost be getting incoming UDP’s?
Can you post your firewall logs here so we can have a better look?
Sure, but I’ve never done that, so how do I do it?
Open CPF, click the ACTIVITY button (at the top of the window) and then click the LOGS button (on the left hand side of the window). Do a right click inside the logs window and select “Export HTML”. Name the file and save it somewhere, and then attach it to your next posting.
Hope this helps,
I hope this works. It wouldn’t allow an HTML document, so I put it in a zipped folder.
[attachment deleted by admin]
I’ll have a look at this tonight when I get home (about three hours). Work’s LAN won’t allow ZIPs to be downloaded.
Thanks for your help, it’s much appreciated!!!
Gah… what was the answer! This is identical to what I raised a new topic on, the IP address is my ISP but no idea why they are all UDP incoming packets nor what rule I’m best to implement to preserve security.