When CIS is installed in FW only mode and choosing the “COMODO - Firewall Security” config as the default config then CIS creates a set of global rules to block some specific ICMPv4 traffic.
Since IPv6 filtering is off per default when CIS is installed there are no such block global rules for IPv6 traffic.
Question is, is it advised or needed to add the same block rules for IPv6 to block the same traffic on IPv6?
If using or behind a router, enabling or blocking ICMP does not really matter.
Routers/modem can be set to not respond to pings (which is ECHO Request) or reply (which is ECHO reply).
No because other than echo request, those specific types/codes do not exist for ICMPv6.
You are probably right, I use a router with a build-in firewall so it might be that this type of ICMP traffic is already blocked by it. I could check this blocking but would rather leave the router/firewall settings to their defaults as everything is working nicely now.
I appreciate your feedback, thank you.
Ah OK. No need to add those rules.
Thank you! :-TU
Basically this, to check if Comodo Firewall is indeed hiding your system ports, its needed to manually set up a DMZ in your Router settings (Google will help you with it).
Default Global Rules in Comodo Firewall or Proactive Security mode won’t make your system ports stealth, they will appear closed (you can check with GRC ShieldsUp test after setting up a DMZ).
To make system ports stealth through Comodo Click ‘Tasks’ > ‘Firewall Tasks’ > ‘Stealth Ports’ > Block Incoming Connections. You will notice the Global Rules will change to a different ruleset.
Another instance of the program which is not made very clear to users, I think.