Comodo + Quake Live

So you know … I get connection failure every time. Quake Live is a browser-based game …

Question is simple and I’d like a straight, simple answer:

What exact ruleset do I need to make to play Quake Live?

QL says:

"If you are behind a firewall you must make sure that it permits the following connection:

Protocol: TCP
Host: xmpp.quakelive.com
Port: 5222"

But I don’t really know where to put that … I don’t want to mess up my whole firewall so I just need a quick step-by-step guide.

Thanks and sorry for my noobie nature.

Assuming your computer needs to be open for incoming traffic at TCP port 5222 there are two things that need to be done.

First open the port for incoming traffic in Global Rules. Read the following tutorial I made. Substitute the port numbers and protocol for your situation.

To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

Second step is to make sure the browser also will allow traffic coming in at port 5222. This is done in two steps. First step is to make a new policy; the advantage of a policy is that you can use it for multiple browsers. Second step is to give that policy to your browser(s).

1. Go to Firewall → Network Security Policy → Predefined Policies → Add. Give the policy a name, e.g. Browser with Quake Live. Choose Use a Custom Policy and choose Copy From → Predefined Security Policies → Web Browser.

Now we add a rule for the incoming traffic for the new policy. Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port for Quake Live

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 5222

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Apply → Ok.

Now we are going to apply the policy to your browser of choice. Open your browser. In CIS go to Network Security → Application Rules → Add → Select → Running Processes → select your browser → Select.

In the lower pane choose Use a Predefined Policy → Choose Browser with Quake Live → Apply → Ok.

Now we are done.

First of all - thanks. It helped with connecting/logging to Quake Live home.

BUT, it didn’t help with playing. I mean, connecting to servers, I get “Awaiting connection” forever.

I noticed that every time I try to connect to some server I get “plugin-container.exe” blocked multiple times by Comodo Firewall. Oh, and the protocol for it is UDP.

Looking through QL forums I also found this suggestion:

“Quake Live requires ports to open
TCP 5222 //for authentication
UDP 27000-27999 //for game itself”

But as you can see, it’s not much information for a noobie like me… I just don’t know how to make that happen.

So what else needs to be done? Or maybe it’s the same ruleset and I just need to repeat it with different ports (27000 - 27999) and UDP protocol?

Plugin container is an executable belonging to the FF browser. It may have gotten sandboxed. Go to Defense+ → Unrecognised Files and see if plugin-container.exe is in that list. If it is then select it and move it to Trusted Files.

Also add rules for UDP traffic like you did with the rule for the TCP traffic:

  1. Add a Global Rule
  2. Edit the Browser with Quake Live policy under Network Security Settings → Predefined Policies.

Tip: when making rules make use of port range when setting the destination ports.

And set it as “incoming” too, right?

It still ain’t working though, and plugin container still gets blocked. It wasn’t in Unrecognised Files and it wasn’t in Trusted Files as well. I tried to add it to Trusted Files but it says it’s already marked as safe file… even though it isn’t in Trusted Files … well I can’t see it at least.

Eh, I did everything you said … step by step. ■■■■, I’ve put my hands on Comodo just a few days ago and I love it but this Quake Live thingy is really … upsetting.

Any more ideas? Or maybe I should make a ruleset for plugin-container.exe too? It’s on the Network Security Policy list as well, basically with browser rules … but without those strictly Quake Live rules I made with your help… maybe that’s the problem?

plugin-container.exe is part of Firefox but it requires separate rules in the firewall.

Ok, so: I need to make 2 exactly the same rules for plugin-container.exe? Should be easy since I already got em predefined.

EDIT: Still ain’t working, firewall still blocks plugin-container.exe every time I try to connect to some QL server. Man, what the hell …

I don’t know what else I could do… that’s how it looks in Comodo (it’s in Polish but you’ll figure it out if you know Comodo. Oh, “zablokowano” = “blocked”).

http://img96.imageshack.us/img96/2994/bababap.jpg

[I don’t know why I hid my IP, not much info, but whatever]

Maybe it has something to do with destination IP? In rules that we made, in Destination Address I’ve put my physical/MAC address … but on the list below we got different destination IP on each QL server, which makes sense.

But I don’t know, I’m a noob. I’m just guessing.

Last thing I found on QL forums is:

"A more complete list of what ports that are required is:

TCP 80 - normal http
TCP 443 - https for website log in
TCP 5222 - Authentication
UDP 27000-27999 for the game."

But again … I don’t know. It isn’t even official statement, just some random dude’s suggestion. Maybe he’s right though … I don’t know.

I love how serious & careful Comodo is but on the other hand I never had connection problems with Quake Live. It’s new to me that it is so hard to set up … new & irritating.

I don’t play QL but I’m sure the rules for fx will be ok. As far as I’m aware plugin-container.exe only connects out on TCP, you just need to know the port.

Ok, just joined QL. You need TCP ports 5222 and 4077 for plugin-container.exe. Nothing else seems necessary so far.

Incoming? Like this: plugin-container.exe + Browser rules + :

Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 5222

Same as above but Destination port = 4077 … right?

Doesn’t work as well … have you tried connecting to some server already? That’s the problem. Plus … now I’m really confused lol. Can’t believe that QL staff didn’t make some guide for this yet.

Well, just for a test I marked plugin-container.exe as a Trusted Application in both - Defense+ and Firewall.
So basically it says that every connection from it is allowed.

Quake Live works.

So … is it dangerous? I shouldn’t keep it like that? Or maybe it’s safe? Or maybe just turning it on like that just for some Quake Live session wouldn’t be a harm?

What do you think? I mean … I would rather make ruleset for exact ports and all but since we can’t figure how …

PS. Update - actually allowing everything for plugin-container in Firewall is also enough.

The connections for plugin-container.exe are TCP outbound, not inbound. plugin-container.exe is a Firefox process that allows plugins, such as the QL plugin, to run outside the main Firefox process, so if a plugin fails it won’t crash the whole browser.

Instead of making the process trusted, you could simply make it Outgoing only.

Works like a charm ;D Thanks!
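
Added example, not part of the original thread and not Comodo's own code: a simplified first-match rule model showing why the inbound allow rules built above never matched the connections plugin-container.exe opens outward, while an outgoing-only policy does. The rule model, the trailing block rule and the sample connections are assumptions constructed for illustration; the port numbers are the ones quoted in the thread, not verified values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str       # "allow" or "block"
    protocol: str     # "TCP", "UDP" or "IP" (any protocol)
    direction: str    # "in", "out" or "in/out"
    dst_ports: range  # destination ports the rule covers

@dataclass(frozen=True)
class Conn:
    protocol: str
    direction: str    # as seen from the local machine
    dst_port: int

def matches(rule: Rule, conn: Conn) -> bool:
    return (rule.protocol in ("IP", conn.protocol)
            and rule.direction in ("in/out", conn.direction)
            and conn.dst_port in rule.dst_ports)

def decide(rules: list, conn: Conn) -> str:
    """Walk the list top to bottom; the first matching rule decides."""
    for rule in rules:
        if matches(rule, conn):
            return rule.action
    return "block"  # assumption: nothing matched, so the packet is dropped

ANY = range(0, 65536)
BLOCK_ALL = Rule("block", "IP", "in/out", ANY)

# What the thread built first: inbound allows above a final block rule.
INBOUND_POLICY = [Rule("allow", "TCP", "in", range(5222, 5223)),
                  Rule("allow", "TCP", "in", range(4077, 4078)),
                  Rule("allow", "UDP", "in", range(27000, 28000)),
                  BLOCK_ALL]
# The final suggestion: any outbound traffic allowed, all inbound blocked.
OUTGOING_ONLY = [Rule("allow", "IP", "out", ANY), Rule("block", "IP", "in", ANY)]
# A narrower variant using only the ports quoted from the QL forums.
NARROW_OUT = [Rule("allow", "TCP", "out", range(5222, 5223)),
              Rule("allow", "UDP", "out", range(27000, 28000)),
              BLOCK_ALL]

# Constructed sample connections: login, game traffic, unsolicited inbound.
EVENTS = [Conn("TCP", "out", 5222), Conn("UDP", "out", 27005), Conn("TCP", "in", 5222)]

def evaluate(rules: list) -> list:
    return [decide(rules, c) for c in EVENTS]

if __name__ == "__main__":
    for name, rules in [("inbound allows", INBOUND_POLICY),
                        ("outgoing only", OUTGOING_ONLY),
                        ("narrow outbound", NARROW_OUT)]:
        print(f"{name:16} {evaluate(rules)}")
```

The narrow outbound list is the kind of exact-port ruleset asked for earlier in the thread: it permits the same two outbound flows as Outgoing only but blocks every other destination port.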