Creating firewall rules for incoming connections is broken. [M335] [v6]

A. THE BUG/ISSUE (Varies from issue to issue)
[ol]- Summary - Give a clear summary in the topic subject, NOT here.

  • Can U reproduce the problem & if so how reliably?: yes, 100%
  • If U can, exact steps to reproduce. If not, exactly what U did & what happened:
  1. Create global rule allowing incoming connections to chosen port (optional step; only if all incoming connections are dropped by default, so we have to punch a hole in fw).
  2. Run an application which listens on that port. (make sure that this application does not have rules)
  3. Make remote connection to our pc on previously selected port.
  4. When when pop-up shows up check “remember” and click “allow”.
  5. Check “application rules”.

I tested this for mIRC and incoming AUTH (:113) connections.

  • If not obvious, what U expected to happen:

If we follow previous steps CIS creates a rule, but it’s bugged and remote host is put as a destination address, not a source address as it should. (for incoming connections destination is our IP) Other rule params are fine.

Because of that such rule is invalid and pop-up will show again and again as src/dst are swapped.

What I expect is that CIS for incoming rules should treat remote host as a source address.

  • If a software compatibility problem have U tried the conflict FAQ?: n/a
  • Any software except CIS/OS involved? If so - name, & exact version: no
  • Any other information, eg your guess at the cause, how U tried to fix it etc: you can only fix this by creating a rule manually
  • Always attach - Diagnostics file, Watch Activity process list, dump if freeze/crash. (If complex - CIS logs & config, screenshots, video, zipped program - not m’ware) PM for password

B. YOUR SETUP (Likely the same for each issue, so you can copy forward)
[ol]- Exact CIS version & configuration: 6.0.264710.2708, own

  • Modules enabled & level. D+/HIPS, Autosandbox/BBlocker, Firewall, & AV: AV + FW
  • Have U made any other changes to the default config? (egs here.): yes
  • Have U updated (without uninstall) from a CIS 5?: no
    [li]if so, have U tried a a clean reinstall - if not please do?: n/a
    [/li]- Have U imported a config from a previous version of CIS: no
    [li]if so, have U tried a standard config - if not please do: n/a
    [/li]- OS version, SP, 32/64 bit, UAC setting, account type, V.Machine used: XP Pro, SP3, 32b, admin
  • Other security/s’box software a) currently installed b) installed since OS: a=none b=none

[attachment deleted by admin]

This has been reported before - FW rule created from alerts swapped Source/Destination IP [~] [v6] although it wasn’t perused by the OP.

When I looked at this earlier, I couldn’t reproduce, however, having looked again, it does indeed reverse the source and destination addresses for inbound connections but only if the originator is external to the LAN. If the originator is another PC on the same LAN, the fields are correct - apart from the bug that adds the entire subnet mask to the source.

It’s also worth pointing out that the log files show source and destination correctly.

Excellent bug report thank you wilk, and also excellent clarification from Radaghast

Now we have a format verified report hopefully devs will look into it.

This bug is related, though not the same:;msg643987#msg643987

Thank you very much for your report in standard format, with all information supplied. The care you have taken is much appreciated by Comodo, and will increase the likelihood that this bug can be fixed.

Developers may or may or may not communicate with you in the forum or by PM/IM, depending on time availability and need. Because you have supplied complete information they may be able to replicate and fix the bug without doing so.

Many thanks again


fixed in 2801 or 2813

Thanks, tracker updated