I have applied the ruleset for Qbittorrent as suggested in the following link:
unfortunately, it did not work. it contentiously blocks the program from downloading the torrent file. in the comodo log it gives me the following message :
Date application action direction protocol source ip source port destination ip destination port
— C:\Program…\qbittorrent.exe blocked out TCP 127… 1025-65535 127… 1025-65535
this message appear every second in the network intrusions module, the only thing that changes is the source and destination ports from 1025 to 65535.
any help will be appreciated.
thanks
Update: I finally figured out which rule is causing the problem. it seems that rule 5 is blocking these connections. I changed the action to ask instead of block, then when i launch the app, i got comodo popping up. So, are these connections safe or what ? (picture attached)
That guide is wrong and should not be used, all you need to do is create a singe allow in rule with the port that the application listens on. If it listens on port 12345 for example then you would need to make a rule as follows: action=allow direction=in protocol=tcp/udp source address=any source port=any destination address=any destination port=12345 and you should have the same rule defined under global rules.
So, I should create one rule for this individual app in the application rules section and then create that one rule again in the global rules sections.
It seems redundant.And I am not sure if that is secure enough.
Yes for the app rule, but depending on what your global rules are set up as, you might not have to make the same rule for global rules. If you haven’t set ‘block incoming connections’ option in firewall tasks > stealth ports then you will be fine. But if you stealth your ports by using the block incoming connections option then you need to make the allow in rule as global rules are processed first then application rules when dealing with incoming connections.
It depends if you want to seed files and allow others to download from you. The way p2p works is that your client tells the tracker that you have a particular torrent and the tracker will add you to a seed pool so other clients can connect to in order to download part of the file they are requesting. If you want to be apart of a seed pool for others to connect and download from then you must allow the incoming connections. Otherwise you don’t need to create any allow rules to accept incoming connections.
Thank you very much that was helpful. So these are my configurations for BitTorrent apps:
Rule 1
Action : Allow
Protocol : TCP or UDP
Direction : In
Description : Rule for incoming TCP and UDP connections
Source Address : Any Address
Destination Address : Any Address
Source port : A Port Range : (Start port = 1025 / End port = 65535)
Destination port : A Single Port (Port: The port of BitTorrent app)
Rule 2
Action : Allow
Protocol : TCP
Direction : Out
Description : Rule for outgoing TCP connections
Source Address : Any Address
Destination Address : Any Address
Source port : A Port Range : (Start port = 1025 / End port = 65535)
Destination port : A Port Range : (Start port = 1025 / End port = 65535)
Rule 3
Action : Allow
Protocol : UDP
Direction : Out
Description : Rule for outgoing UDP connections
Source Address : Any Address
Destination Address : Any Address
Source port : A Single Port (Port: The port of BitTorrent app)
Destination port : A Port Range : (Start port = 1025 / End port = 65535)
Rule 4
Action : Allow (Also select the check box ‘Log as a firewall event if this rule is fired’)
Protocol : IP
Direction : Out
Description : Allow Outgoing Requests
Source Address : Any Address
Destination Address : Any Address
IP Details : IP Protocol : Any
Rule 5
Action : Block (Also select the check box ‘Log as a firewall event if this rule is fired’)
Protocol : IP
Direction : In
Description : Block and Log All Unmatching Requests
Source Address : Any Address
Destination Address : Any Address
IP Details : IP Protocol : Any
I did not create a rule for HTTP requests since mot of the BitTorrent apps need these connections to check for updates.